This tutorial explains how to install Wireshark on Debian 11 and how to get started with this packet analyzer, which is useful for many purposes, including troubleshooting network problems, sniffing and more.
To install Wireshark on Debian 11, first run the following command to update your package version information.
$ sudo apt update
Then, install Wireshark using the apt command as shown below.
$ sudo apt install wireshark -y
As you can see in the screenshot below, you can find Wireshark in your applications menu or Application Finder. To get started with Wireshark, select it and press the Launch button.
The welcome screen will show up. Select your network device to capture packets and press the shark fin icon shown in the screenshot below to start capturing network traffic.
You can launch Wireshark from the graphical interface as explained in the previous steps, from the Application Finder or applications menu.
If you already know the network interface you'll use to monitor the network, you can launch Wireshark by running the following command, where
$ sudo wireshark -i <Device> -k
Note: You can find additional launching options at
To begin understanding Wireshark, let’s divide the screen into 6 sections: Menu, toolbar, packet list pane, packet details pane and packet bytes pane. The following screenshot shows the location of each section.
Packet List: The Packet List section displays the packets in the capture file. The available columns show each packet's number in the file, its timestamp, the source and destination addresses, the protocol and the packet length. The Info column shows additional information. If you select a packet in this section, more details on that packet are shown in the "Packet Details" and "Packet Bytes" panes.
Packet Details: The Packet Details pane shows additional information on protocols, including response time, TCP analysis, checksum and IP geolocation. This pane also shows links or relationships between different packets.
Packet Bytes: This pane displays a hex dump of the selected packet, including the data offset, sixteen hexadecimal bytes and sixteen ASCII bytes.
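How the three panes present the same packet, as an added example that is not part of the original tutorial: the script decodes one constructed 54-byte frame into a Packet List row, Packet Details fields with their byte offsets, and a simplified Packet Bytes hex dump. The frame contents, the function names and the reduced field set are assumptions for illustration; Wireshark's own dissectors decode far more.

```python
import socket
import struct

# Constructed sample frame (not a real capture): Ethernet + IPv4 + TCP SYN, 54 bytes.
# Checksums are left as zero; the IP addresses come from documentation ranges.
FRAME = bytes.fromhex(
    "001122334455" "66778899aabb" "0800"                    # Ethernet header
    "45000028" "00014000" "40060000" "c000020a" "c6336405"  # IPv4 header
    "c35001bb" "00000001" "00000000" "5002ffff" "00000000"  # TCP header (SYN)
)
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def is_ipv4(frame):
    """True if the frame holds an Ethernet header plus a minimal IPv4 header."""
    return len(frame) >= 34 and frame[12:14] == b"\x08\x00"

def list_row(number, frame):
    """Packet List view: (No., source, destination, protocol, length)."""
    if not is_ipv4(frame):
        return (number, "-", "-", "non-IPv4", len(frame))
    proto = PROTOCOLS.get(frame[23], str(frame[23]))
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    return (number, src, dst, proto, len(frame))

def details(frame):
    """Packet Details view: decoded fields as (byte offset, length, name, value)."""
    if not is_ipv4(frame):
        return []
    fields = [(12, 2, "EtherType", "0x%04x" % struct.unpack("!H", frame[12:14])[0]),
              (23, 1, "IP protocol", frame[23]),
              (26, 4, "Source", socket.inet_ntoa(frame[26:30])),
              (30, 4, "Destination", socket.inet_ntoa(frame[30:34]))]
    tcp = 14 + (frame[14] & 0x0F) * 4   # the IPv4 header length locates the TCP header
    if frame[23] == 6 and len(frame) >= tcp + 20:
        sport, dport = struct.unpack("!HH", frame[tcp:tcp + 4])
        fields += [(tcp, 2, "Source port", sport),
                   (tcp + 2, 2, "Destination port", dport),
                   (tcp + 13, 1, "TCP flags", "0x%02x" % frame[tcp + 13])]
    return fields

def hexdump(frame):
    """Packet Bytes view (simplified): offset, sixteen hex bytes, sixteen ASCII chars."""
    lines = []
    for off in range(0, len(frame), 16):
        chunk = frame[off:off + 16]
        hexpart = " ".join("%02x" % b for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append("%04x  %-47s  %s" % (off, hexpart, text))
    return lines

if __name__ == "__main__":
    print(list_row(1, FRAME))
    for off, length, name, value in details(FRAME):
        print("  %-17s %-13s bytes %d-%d" % (name, value, off, off + length - 1))
    print("\n".join(hexdump(FRAME)))
```

Each field in the details output names the byte range it was decoded from, which is the same link Wireshark shows when selecting a field in Packet Details highlights its bytes in Packet Bytes.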