Skip to main content

Install Wireshark 3.0.2 on Ubuntu Desktop 18.04 REDUX (Updated)

(Update 20201130):

Looks like the PPA is active again with at least 3.2.x (it was inactive and still running 2.x at the time I wrote this):

I recommend using PPA versus compiling from source, unless you need to compile from source…or like to do it the hard way. 😛

(Updated 2020101 with new dependencies needed)

In my previous post, I gave instructions on how to build and install Wireshark 3.0.1 for Ubuntu 18.04, which did the trick at the time, but it was a little hasty and had a few bugs that I didn’t know how to resolve at the time. Come Monday morning at Sharkfest 2019, during a TLS training session with @SYNbit, I had a problem with decrypting packets (I couldn’t add RSA keys). I found out that in my compiling of Wireshark, I didn’t include the GNUTLS package — and actually, it turns out there’s a lot I didn’t include that would actually solve the bugs I mentioned in the previous post. You can see all I didn’t include in the compiling here:

Wireshark version without packages

So in other words, I didn’t compile this correctly, and even shared how to do it incorrectly. Not going to say I was wrong, but perhaps you could say it was half-baked.

Ya BLEW IT Gif Shaking Head Tim and Eric

Well, I’m hoping to correct the record here.

Wireshark and Ubuntu 18.04+

If you’re doing packet analysis and run Debian/Ubuntu, you may have noticed that Wireshark is currently at version 3.0.2 (at the time of writing this), but both Debian and Ubuntu are running 2.6.x versions of Wireshark (Debian Stretch is at 2.6.7-1, and Ubuntu 18.04 is at 2.6.8-1). While Fedora 30 is running Wireshark 3.0.1, even Ubuntu 19.10 (Eoan) is still running Wireshark 2.6.9-1 (again at the time of writing this).

Wireshark Logo

Now for probably really good reasons, there still isn’t a Wireshark 3.0.2 deb package for Debian-Ubuntu distributions, and if you just so happen to be at Sharkfest 2019 running some flavor of Debian/Ubuntu and you’re taking the packet analysis classes, you needed to be running Wireshark 3.0.2. Of course, you could just fire up a VM on your laptop and run Windows, or grab that random spare Mac in your bag — why you have a spare Mac in your bag is beyond me — but your only option is to compile from source the Wireshark package.

Background On Compiling and Installing Wireshark 3.0.2 for Ubuntu Desktop 18.04

The first thing to note here is that the previous post focused on 3.0.1, but that wasn’t the most recent Wireshark source, so for this we’re updating to 3.0.2.

Next, when compiling applications from source, usually the approach is to extract the tarball, then run ‘configure, make, make install’ and you’re done. However, Wireshark actually has info on how to build this within the tarball in a file called “INSTALL” (I know, I pretty much can hear “RTFM” as I type this). Starting at about line 191, the file says:

11/b. If you ‘re running a system that supports APT (Debian/Ubuntu/etc.)

dpkg-buildpackage -us -uc -rfakeroot

in the source directory right after extracting of checking out
Wireshark’s source code. (You don’t have to run configure/make/etc.
prior to running dpkg-buildpackage)

Ok, great, but if you run the command above, you’ll likely find that you have a few dependencies that you’re missing. The instructions below should help clear this all up.

Compiling and Installing Wireshark 3.0.2 for Ubuntu Desktop 18.04

Disclaimer: like I noted in my previous post, Wireshark is a complicated application, and I am not a developer, so my instructions could have some flaws (they certainly have improved). My main intent here is to just share the dependencies needed to get Wireshark 3.0.2 compiled because otherwise you’re going to be running the dpkg-buildpackage command, get the dependency error messages, Google the dependency package for Ubuntu, install it, then find the next one over and over again — if only someone just posted the dependencies!

Install the Dependencies

First off, let’s install all the dependencies needed (there’s a lot):

sudo apt install build-essential gnutls-bin qtbase5-dev qtbase5-dev-tools qttools5-dev qttools5-dev-tools qtmultimedia5-dev libqt5svg5-dev libpcap0.8-dev flex zlib1g-dev debhelper po-debconf libtool python3-ply libc-ares-dev xsltproc dh-python docbook-xsl docbook-xml libxml2-utils libpcre3-dev libcap-dev bison quilt libparse-yapp-perl libgnutls28-dev libgcrypt20-dev libkrb5-dev liblua5.2-dev libsmi2-dev libmaxminddb-dev libsystemd-dev libnl-genl-3-dev libnl-route-3-dev asciidoctor cmake libsbc-dev libnghttp2-dev libssh-gcrypt-dev liblz4-dev libsnappy-dev libspandsp-dev libxml2-dev cdbs dh-translations intltool jq libfile-which-perl libjq1 libonig4 libpython-stdlib libsnacc-dev libsnacc0c2 omniidl python python-minimal python2.7 python2.7-minimal python3-scour scour snacc snacc-doc libzstd-dev libbrotli-dev libspeexdsp-dev

(Update 20200101: I’ve updated the dependencies to include the following that were missing before: libzstd-dev libbrotli-dev libspeexdsp-dev.

Grab the Source Tarball and Set Up the Build Environment

After doing this a few times, I learned that it’s easier to set up a build directory because when you run the dpkg-buildpackage command, it’s going to build .deb files in the parent directory of the extracted tarball directory (see later). Let’s create the build directory, grab the source tarball, and extract it:

mkdir wireshark_build
tar xf wireshark-3.0.2.tar.xz
cd wireshark-3.0.2

Build Wireshark 3.0.2

Assuming everything above went off without a hitch, we should be able to build Wireshark now. Within the ‘wireshark-3.0.2’ directory, run the following command:

dpkg-buildpackage -us -uc -rfakeroot

dpkg-buildpackage’ is a program that builds packages for installation; the command won’t install Wireshark (that comes next), but it does build the .deb files for installation. The process can take anywhere from 10-30 minutes (maybe more) depending on your system. Once the process is done, in the parent directory (‘wireshark_build’), you should see the following deb files:


Now we can install the packages.

Install Wireshark

To the install the packages above, within ‘wireshark_build’, run the following command:

sudo dpkg -i *.deb

You’ll likely get a prompt during the install about dumpcap and running as root. Basically, it’s best practice to not run Wireshark as root but to instead create a group that has permissions to capture packets. During the .deb installation, the installer will create the group ‘wireshark’, so enter ‘Yes’ at the prompt to create the group, then add your user account to the group with the following command:

sudo usermod -a -G wireshark <your_username>

If during the install you have dependency errors, usually that can be resolve by running an apt install fix that will install the dependencies and finish the Wireshark install:

sudo apt install -f

Assuming everything went well, Wireshark should be installed and you should get the following under Help > About Wireshark:

About Wireshark Information 3.0.2
Ubuntu Desktop 18.04
Wireshark 3.0.2 - On Crostini Ubuntu 18.04
ChromeOS Crostini – Ubuntu 18.04

BCG729 Package Missing

One thing to note is that there is one package that is missing from these instructions: BCG729. BCG729 is a an open-source encoder/decoder for the G729 codec, and if you wish to have that, you’ll need to build and compile that before you build and compile the Wireshark .deb files. More info on that here.

That should be it! Happy packet analyzing!

9 thoughts to “Install Wireshark 3.0.2 on Ubuntu Desktop 18.04 REDUX (Updated)”

  1. To build the packages I had to add the following to debian/rules:

    dh_shlibdeps –dpkg-shlibdeps-params=–ignore-missing-info

    BTW to retry without a full rebuild (>10 minutes), try adding “-nc” to dpkg-buildpackage command.

  2. I built WS 3.0.4 using these instructions, and the only gotcha is that during the process of installing the dependencies, libonig4 was not present, but libonig5 worked.

  3. I followed the build instructions, and had no errors. The only issue was a newer source version was available: 3.2.4. It took about +- 10 minutes to compile, but I did not get the two splash screens when completed.

    Wireshark would not capture any packets if run from the menu, but runs fine from the CLI.

  4. successfully build WS 3.0.14! on linux mint 19.3; one build conflict with libsnmp-dev (5.7.3+dfsg-1.8ubuntu3.6),
    i removed that lib and all went fine, Installation too. THANKS !!

  5. successfully build WS 3.2.8, 3.3.1, 3.4.0 on linux mint 19.3.
    I forgot to tell you, it might be useful to add the ppa wireshark-dev/stable ,
    sudo add-apt-repository ppa:wireshark-dev/stable
    sudo apt-get update

    good luck !

    1. Oh sweet! When I put these posts together, the PPA was inactive for quite some time and only offered 2.x. Looks like someone in Wireshark reactivated it, which is better than compiling from source!

      Thanks for sharing that!

      1. Hey Jimmy, there is one good reason to build your own version from source, in my case i need Version 3.0.14 , because this is the last one in which you can use the IP-Adresses under “Resolved Adresses” (Statistics) with simple “Copy and Paste” to build your own hosts-file or to make a batch-file for firewall rules, or something like that.
        it might be also useful to hold these packages in your installation of linux.
        The only possibility is to make a preferences file in “/etc/apt/preferences.d” i.e. “wireshark.pref” (the ending is important) it must contain the following lines to really hold these packages (for upgrades and dist-upgrades) :


        Package: libwireshark-dev
        Pin: version 3.0.14*
        Pin-Priority: 1000

        Package: libwiretap-dev
        Pin: version 3.0.14*
        Pin-Priority: 1000

        Package: libwsutil-dev
        Pin: version 3.0.14*
        Pin-Priority: 1000

        Package: tshark
        Pin: version 3.0.14*
        Pin-Priority: 1000

        Package: wireshark
        Pin: version 3.0.14*
        Pin-Priority: 1000

        Package: wireshark-common
        Pin: version 3.0.14*
        Pin-Priority: 1000

        Package: wireshark-qt
        Pin: version 3.0.14*
        Pin-Priority: 1000

        Package: libwireshark-data
        Pin: version 3.0.14*
        Pin-Priority: 1000

        Package: libwsutil10
        Pin: version 3.0.14*
        Pin-Priority: 1000

        Package: libwsutil-dev
        Pin: version 3.0.14*
        Pin-Priority: 1000

        Package: wireshark-doc
        Pin: version 3.0.14*
        Pin-Priority: 1000

        Package: libwiretap9
        Pin: version 3.0.14*
        Pin-Priority: 1000

        Package: libwiretap-dev
        Pin: version 3.0.14*
        Pin-Priority: 1000

        Package: libwscodecs2
        Pin: version 3.0.14*
        Pin-Priority: 1000

        Package: libwireshark12
        Pin: version 3.0.14*
        Pin-Priority: 1000

        Package: wireshark-dbg
        Pin: version 3.0.14*
        Pin-Priority: 1000

        Package: wireshark-dev
        Pin: version 3.0.14*
        Pin-Priority: 1000


        (for your convenience)
        happy new year !

Leave a Reply

Your email address will not be published. Required fields are marked *