Wireshark in Ubuntu or Linux Mint

Salim Salimov
5 min read · Jul 29, 2023


Hello Everyone,

Have you ever had to disable Windows Defender to be able to work with a file that it detected as malware? Or have you been dealing with a real malicious file or document?

I recently have been trying to analyse a .pcap file with Wireshark in Windows 10, and I needed to extract a real malicious object. Surely Windows Defender is there to protect us and it is just doing its job, detecting and deleting malicious files, but I needed to disable it temporarily to be able to do my task.

When it comes to working with suspected malicious files, I feel much safer when this is done in a Linux environment, as most (though not all) malware programs target Windows systems. Of course, I still need to use Windows to test and run other tools, but doing some bits in Linux may reduce the risk of damaging your system.

Today I am going to show you how to install and use Wireshark in Linux: Ubuntu or Linux Mint.

Let's first say a few words about Wireshark: Wireshark is an amazing tool for capturing and analysing network traffic, for example to detect malware behaviour. It is available as a free download for Windows and macOS on their website https://www.wireshark.org/, but how do you install it on Linux?

I am running Linux Mint as the main operating system on my laptop and also have an Ubuntu virtual machine running in VMware. Because Linux Mint is based on Ubuntu, the installation process is pretty much the same.

A detailed guide on how to install an Ubuntu virtual machine in Windows can be found in my previous blog here: https://medium.com/@salim.y.salimov/hello-everyone-af227e850de3

Installing Wireshark in Linux is quite easy and there are a couple of ways to do it: from the built-in Software Center / Software Manager, or with terminal commands.

1. Installing from the Software Manager

This is how it looks in Ubuntu (left) and Linux Mint (right).

Even when installing from the Software Manager, we still need the terminal for one configuration step to get the application's full functionality: granting our user permission to capture packets (and to put the interface in promiscuous mode). Without it, Wireshark starts but cannot capture, and we get this screen.

This step matters for security, not only for convenience. It gives the small dumpcap helper the capabilities it needs to open network interfaces, so Wireshark itself (including its many protocol dissectors, which parse untrusted traffic) runs as your normal user. Running Wireshark with sudo instead would also make capturing work, but then every dissector bug becomes a bug running as root, which is exactly what you do not want when the .pcap contains malicious content.

To fix this we need to open a terminal (you can do it with CTRL+ALT+T key combination) and run following command in it:

sudo dpkg-reconfigure wireshark-common

You will need to answer Yes to the question that pops up ("Should non-superusers be able to capture packets?").

Let it finish the process. Then there is one final step: add your user to the wireshark group, which is the group allowed to run the capture helper. Run the following command in the terminal, replacing the placeholder with your login name:

sudo adduser yourusername wireshark

Group membership only takes effect for new login sessions, so log out and back in, or simply reboot the system.

To make it quicker, while in the terminal you can type:

sudo reboot

Now we have a fully functional Wireshark in Linux that we can use to capture and monitor network traffic and to analyse .pcap files.

2. If you prefer to use the terminal for the entire installation process, just run these commands in order and you will get the same result:

sudo apt install wireshark

Let it download and install the necessary packages, and don't forget to choose Yes on the configuration screen (the same "non-superusers" question as above). Then add your user to the wireshark group and log out and back in, or reboot:

sudo adduser yourusername wireshark

sudo reboot
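The two procedures above (Software Manager plus terminal, or terminal only) end in the same state: the dumpcap helper has capture capabilities and your user is in the wireshark group. The script below is an added example, not code from the original post, that does the same setup non-interactively and then checks that the result actually allows capturing without root. It assumes Debian-style packaging as on Ubuntu and Linux Mint, that dumpcap is installed at /usr/bin/dumpcap, and that the debconf key wireshark-common/install-setuid is the "Should non-superusers be able to capture packets?" question; usermod -aG is used as the equivalent of the post's adduser command.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): non-interactive Wireshark
# install on Ubuntu / Linux Mint plus a check that capture works as a
# normal user. Assumptions: dumpcap at /usr/bin/dumpcap and the debconf
# key wireshark-common/install-setuid (the "non-superusers" question).
set -eu

DUMPCAP=/usr/bin/dumpcap

# Answer the dpkg-reconfigure question in advance so apt never prompts.
preseed_wireshark() {
  echo "wireshark-common wireshark-common/install-setuid boolean true" \
    | sudo debconf-set-selections
}

install_wireshark() {
  sudo DEBIAN_FRONTEND=noninteractive apt-get install -y wireshark
}

# Same effect as "sudo adduser <name> wireshark" in the post.
add_capture_user() {
  sudo usermod -aG wireshark "${1:-$USER}"
}

# Pure helper: given the output of `getcap $DUMPCAP`, succeed if dumpcap
# carries the raw-socket capability. Both libcap output styles match:
#   /usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip   (older libcap)
#   /usr/bin/dumpcap cap_net_admin,cap_net_raw=eip     (libcap >= 2.41)
dumpcap_caps_ok() {
  case "$1" in
    *cap_net_raw*) return 0 ;;
    *) return 1 ;;
  esac
}

# Pure helper: given the output of `id -nG`, succeed if "wireshark" is one
# of the groups of the *current session* (membership in /etc/group alone is
# not enough until you log in again).
in_wireshark_group() {
  local g
  for g in $1; do
    [ "$g" = wireshark ] && return 0
  done
  return 1
}

# Check the live system and say exactly which of the two steps is missing.
verify_capture_setup() {
  local caps groups
  caps=$(getcap "$DUMPCAP" 2>/dev/null || true)
  groups=$(id -nG)
  if ! dumpcap_caps_ok "$caps"; then
    echo "dumpcap has no capture capabilities: run sudo dpkg-reconfigure wireshark-common" >&2
    return 1
  fi
  if ! in_wireshark_group "$groups"; then
    echo "$USER is not in group wireshark in this session: log out and back in" >&2
    return 1
  fi
  echo "OK: Wireshark can capture as $USER without root"
}

# Only act when explicitly asked:
#   bash wireshark-setup.sh --install   (then log out and back in)
#   bash wireshark-setup.sh --check
case "${1:-}" in
  --install) preseed_wireshark; install_wireshark; add_capture_user ;;
  --check)   verify_capture_setup ;;
esac
```

If --check reports that the group is missing right after --install, that is the "log out and back in" caveat, not a failed install; running newgrp wireshark in the current shell is a quick way to pick up the group without a full logout.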

3. Run and use Wireshark

You can find it easily by searching your installed apps. Add it to your favourites in Ubuntu, or make a desktop shortcut in Linux Mint.

Here you can see a few screenshots where I have extracted a real malicious object from a .pcap file and then uploaded it to https://www.virustotal.com/gui/home/upload to confirm that it really is a malicious object.

I hope you find my post useful and helpful. Thank you all. :)
