Wireshark is a great tool for analyzing traffic, whether live traffic on an interface or a .cap file. It supports several kinds of packet filtering, such as following a stream or filtering by protocol or IP.

To install the latest version of Wireshark on Linux, one should build and install it from source. Sometimes, building from source is difficult because we have to hunt down the dependencies. That’s what I did for this software.

Depending on your OS and package availability, you may need to install other dependencies. I’m using Ubuntu Mate 16 and I found the packages below sufficient for me.

Install Dependencies

$ sudo apt-get install -y \
  qtbase5-dev qtbase5-dev-tools \
  qttools5-dev qttools5-dev-tools \
  qtmultimedia5-dev libqt5svg5-dev \
  libpcap-dev libgcrypt11-dev \
  glib2.0 libgcrypt20-dev \
  libglib2.0-dev

Get the latest tarball from Wireshark

$ wget https://2.na.dl.wireshark.org/src/wireshark-2.4.5.tar.xz
$ tar -xf wireshark-2.4.5.tar.xz
$ cd wireshark-2.4.5

Start building

$ ./configure
$ sudo make install -j2
$ sudo ldconfig
$ sudo wireshark

./configure checks your machine for the dependencies Wireshark needs, so you may get missing-dependency errors while it runs. If that happens, it shows the name of the missing package, which you can look up and install.

make install -j2 will take some time, so you can have a coffee. (Set the number of jobs equal to your number of CPU cores, e.g. -j4 for a quad core.)
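
A check that fits between the wget and tar steps above, as an added example that is not part of the original post: compare the tarball's SHA256 with the value recorded in the release's signatures file. The `SHA256(<name>)=<digest>` line format, the function names and the demo data are assumptions, and the signatures file is assumed to have been authenticated already.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: the signatures file has lines "SHA256(<file name>)=<hex digest>"
# and has itself been authenticated already (e.g. its PGP signature checked).

# Print the SHA256 recorded in signatures file $1 for tarball $2.
expected_sha256() {
    name=$(basename "$2")
    # index() compares literally, so dots in the name are not wildcards.
    awk -v k="SHA256($name)=" \
        'index($0, k) == 1 { print substr($0, length(k) + 1); exit }' "$1" |
        tr -d ' \r' | tr 'A-F' 'a-f'
}

# Return 0 on match, 1 on mismatch, 2 if the file has no entry.
verify_tarball() {
    want=$(expected_sha256 "$1" "$2")
    if [ -z "$want" ]; then
        echo "no SHA256 entry for $2" >&2
        return 2
    fi
    got=$(sha256sum "$2" | cut -d ' ' -f 1)
    if [ "$got" != "$want" ]; then
        echo "MISMATCH: $2 (expected $want, got $got)" >&2
        return 1
    fi
    echo "OK: $2"
}

# Constructed demo, no network: a stand-in file plays the tarball, a
# signatures file is generated for it, then the "download" is altered.
demo() {
    dir=$(mktemp -d) || return 1
    tarball="$dir/wireshark-2.4.5.tar.xz"
    printf 'constructed stand-in, not a real release\n' > "$tarball"
    printf 'SHA256(%s)=%s\n' "$(basename "$tarball")" \
        "$(sha256sum "$tarball" | cut -d ' ' -f 1)" > "$dir/SIGNATURES.txt"
    first=0; second=0
    verify_tarball "$dir/SIGNATURES.txt" "$tarball" || first=$?
    printf 'tampered\n' >> "$tarball"
    verify_tarball "$dir/SIGNATURES.txt" "$tarball" 2>/dev/null || second=$?
    rm -rf "$dir"
    echo "untouched=$first tampered=$second"
}
demo
```

Call verify_tarball with the signatures file and wireshark-2.4.5.tar.xz before running tar, and stop if it does not print OK.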