How to install Wireshark on Debian 11 Bullseye Linux

Let’s learn the commands to install the Wireshark Sniffer tool on Debian 11 Bullseye Linux using the command terminal.

Wireshark is a free and extremely popular network communication link analyzer and was formerly known as Ethereal. It is a so-called network sniffer or network stumbler software. The tool, also known as data logger software, offers the possibility of displaying the data traffic of an interface (usually Ethernet TCP/IP) as data packets after or during the recording. This involves a clear, simplified data analysis that can be understood by the user. In this way, there is the opportunity to view individual recorded data packets or to sort them according to specific content. Wireshark can also prepare and create clear data flow statistics. WinPcap enables the transparent recording of the respective data traffic under Microsoft Windows. But Wireshark works on almost every platform: Windows, Mac OS X, AIX, BSD, Linux, and Solaris.

Steps to install WireShark on Debian 11 Bullseye

1. Requirements

To perform this tutorial we need:

Debian Linux
Non-root sudo user
Terminal access
Internet Connection

2. Update Debian 11 System

Here we will use the APT package manager to install WireShark on our Debian 11 bullseye. Hence, we have to make sure the sources we required to fetch the packages for this program are up to date and our system knows about the packages available in them. For that let’s once run the system update command.

sudo apt update


3. Install Wireshark on Debian 11 Bullseye

Well, being open-source software, it is available easily available through the default Debian 11 Bullseye repository. Hence, we don’t need to download its .deb binary manually. Using the default APT package manager of Debian can fetch and install Wireshark like any other Linux program.

sudo apt install wireshark -y


4. Check Version

Once the installation is completed we can check its version, to know what version has been installed on our computer, run.

wireshark -v


5. Run WireShark to capture network data

We can easily use the WireShark to capture the data from available network interfaces, to analyze what is happening. Wireshark logs the network traffic of the interfaces of the system on which it is installed. The program can record data traffic, allowing you to view the content of a data packet. The IP address of the target system is always logged. For example, Wireshark can be used to unmask programs that are notorious.

In your command terminal, use:

sudo wireshark &

After you have started Wireshark, the software first shows you the interfaces of the computer. In the overview, mark the entry for the interface that is to be monitored.

WireShark to capture the data from available network interfaces

Click on the shark flipper icon in the top left corner to start recording. You can already click on an entry during the recording to take a closer look at the package. Continue working with the system as usual. When it comes to detecting unwanted network traffic, it is not possible to determine with certainty when a computer will call up its target host. Incidentally, at a later date, if you have a protocol or a destination under particular suspicion, Filter traffic recording from the start. In the “Record” menu you will find the entry “Recording filter“.

WireShark installed on Debian 11 Bullseye


Other Articles:

10 popular Open-Source Tools to Secure Your Linux Server in 2022
Install SimpleScreenRecorder in Ubuntu 20.04 LTS to record screen
How to install OpenVPN Client on Debian 11
3 ways to Install Microsoft Teams on Debian




Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.