How to Install Wireshark on RHEL: Complete Guide with GUI Configuration and Packet Capture Examples



When installing Wireshark on Red Hat Enterprise Linux (RHEL), you have two primary options:

  1. The Standard Package from the official Wireshark repository (recommended)
  2. Third-party packages from EPEL or other sources

For production systems, I recommend using the official package with this command:

sudo yum install wireshark wireshark-qt

The standard Wireshark package for RHEL includes both CLI (tshark) and GUI components. To verify GUI availability:

rpm -qi wireshark | grep GUI
wireshark --version

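Configure capture permissions so that members of a dedicated wireshark group can capture without root access. Mode 4750 makes dumpcap setuid root and leaves it executable only by its owner and that group, so add only trusted accounts to the group, and log out and back in for the new membership to take effect: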

sudo groupadd wireshark
sudo usermod -a -G wireshark $USER
sudo chgrp wireshark /usr/bin/dumpcap
sudo chmod 4750 /usr/bin/dumpcap

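Start capturing on interface eth0 (-k starts the capture immediately). With the group setup above in effect, sudo is not required, and leaving it off keeps Wireshark's dissectors from parsing untrusted traffic as root: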

sudo wireshark -i eth0 -k

For CLI capture and analysis:

tshark -i eth0 -f "tcp port 80" -w capture.pcap -c 100

If you encounter missing dependencies:

sudo yum install qt5-qtbase gcc-c++ libpcap-devel

For SELinux-related capture problems:

sudo setsebool -P wireshark_capture 1

When installing Wireshark on Red Hat Enterprise Linux (RHEL) or CentOS, you'll find multiple package options. The official Wireshark download page lists third-party packages specifically compiled for Red Hat distributions. These are often more reliable than compiling from source because the package manager resolves the dependencies for you.

The "Standard Package" under Third-Party Packages is indeed the correct choice for most RHEL/CentOS installations. This package includes:

- Wireshark CLI utilities (tshark, dumpcap)
- Qt-based GUI interface
- All standard dissectors
- RPM package format for clean installation

The most efficient method is using the EPEL repository. First enable EPEL:

sudo yum install epel-release  # RHEL/CentOS 7
sudo dnf install epel-release  # RHEL/CentOS 8+

Then install Wireshark:

sudo yum install wireshark wireshark-gnome  # For GUI version

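If you prefer manual installation from downloaded RPMs (verify the package signature against a key you trust before installing, since installing with rpm directly does not apply yum's gpgcheck setting):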

wget https://some-mirror/wireshark-3.6.12-1.el8.x86_64.rpm
sudo rpm -ivh wireshark-*.rpm
sudo yum install -y libsmi  # Optional for SNMP support

To capture packets without root privileges:

sudo usermod -a -G wireshark $USER
newgrp wireshark
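
To check the result of the permission steps in this guide (the chmod 4750 variant and the group-only variant), the following added example, which is not part of the original guide, classifies how dumpcap is privileged. The function names and verdict strings are hypothetical; it assumes GNU stat and, if installed, getcap from libcap.

```shell
#!/bin/sh
# Added example (not from the original guide): audit how dumpcap is privileged.
# Function names and verdict strings are illustrative assumptions.

# classify_dumpcap MODE OWNER CAPS
#   MODE  octal permissions as printed by `stat -c %a` (e.g. 4750)
#   CAPS  raw `getcap` output for the file, empty if it has no capabilities
classify_dumpcap() (
    mode=$1 owner=$2 caps=$3
    perms=$(( 0$mode ))                       # leading 0 => parsed as octal
    if [ $(( perms & 0022 )) -ne 0 ]; then
        # group/other can replace a privileged binary
        echo "writable-by-non-owner"
    elif [ $(( perms & 04000 )) -ne 0 ] && [ "$owner" = root ]; then
        # setuid root: dumpcap starts with full root privileges
        if [ $(( perms & 0001 )) -ne 0 ]; then
            echo "setuid-root-any-user"       # every local user can capture
        else
            echo "setuid-root-group-only"     # what chmod 4750 produces
        fi
    else
        case $caps in
            *cap_net_raw*)                    # file capabilities, no setuid
                if [ $(( perms & 0001 )) -ne 0 ]; then
                    echo "caps-any-user"
                else
                    echo "caps-group-only"
                fi ;;
            *) echo "no-capture-privilege" ;; # non-root capture will fail
        esac
    fi
)

# audit_dumpcap [PATH]: gather mode, owner and capabilities, then classify.
audit_dumpcap() (
    path=${1:-/usr/bin/dumpcap}
    [ -e "$path" ] || { echo "missing"; exit 0; }
    caps=""
    if command -v getcap >/dev/null 2>&1; then
        caps=$(getcap "$path" 2>/dev/null) || caps=""
    fi
    classify_dumpcap "$(stat -c %a "$path")" "$(stat -c %U "$path")" "$caps"
)

echo "dumpcap: $(audit_dumpcap "$@")"
```

A verdict of setuid-root-any-user or writable-by-non-owner means the group restriction is not actually in force; the two group-only verdicts mean capture is limited to root and members of dumpcap's group.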

Verify GUI functionality by launching:

wireshark &

If the GUI fails to launch, check for:

1. Missing Qt dependencies: sudo yum install qt5-qtbase
2. Display permissions: xhost +local:root
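3. SELinux conflicts: sudo setenforce 0 (temporary; this switches the whole system to permissive mode, so use it only to confirm that SELinux is the cause and return to enforcing mode afterwards)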