Wireshark 3 0

11/27/2021by admin
4 min    Ross Jacobs    July 7, 2019

Capturing USB traffic on macOS is possible since Wireshark 2.4.0, libpcap 1.9.0, and macOS High Sierra, using the XHC20 interface. In order to capture on that interface, you will first have to run the command. In macOS Catalina, you apparently have to disable System Integrity Protection to capture USB traffic. Download Wireshark. The current stable release of Wireshark is 3.4.7. It supersedes all previous releases. Stable Release (3.4.7) Windows Installer (64-bit) Windows Installer (32-bit) Windows PortableApps® (32-bit) macOS Intel 64-bit.dmg. The version of Wireshark installed on the remote Windows host is prior to 3.0.4. It is, therefore, affected by a vulnerability as referenced in the wireshark-3.0.4 advisory. The Gryphon dissector could go into an infinite loop. It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire.

Table of Contents

Quicklinks: Wireshark: Installation Chapter

Wireshark 3 0

Install Wireshark with a Package Manager

Where available, prefer your package manager. Note that Wireshark v3 is not currently available on many Linux package managers (this will change soon).

SystemInstall CommandLatest Version
Linux$PkgManager install wireshark2.6.8 and below
Macosbrew install --cask wireshark3.0.2
Windowschoco install wireshark3.0.2

Installing tshark Only

Note: If you have not used tshark before, you should install the wiresharkpackage as above before limiting yourself to the CLI.


If you want to install just tshark and no Qt/GUI components, this is possible onvarious linux distributions. The package is called tshark or wireshark-clidepending on the platform.

Install the package tshark:

  • Alpine >= 3.9
  • Debian >= 9
  • FreeBSD >= 11
  • OpenMandriva >= 3.0
  • PCLinuxOS
  • Ubuntu >= 14.04

Install the package wireshark-cli.

  • Arch Linux
  • CentOS >= 8
  • Fedora >= 30
  • RedHat

For up-to-date package information, check the package registry fortshark andwireshark-cli

Download wireshark 64

Install with a package

To get the most up-to-date official packages, visit Wireshark’s Download Page.

There are multiple packages available from Wireshark’s download page. The installation is simple, but make sure to check the components that.

Install from Source

Linux currently does not have packages in official repositories, so if you want the latest, you have to build it (this will likely change soon).

Linux, v3.0.0

You need to install from source to get v3 on Linux. This will get a clean system on Ubuntu18.04 to an install:

If you are on a different system, only the last 3 steps apply. Make sure thatyou’ve satisfied the other dependencies. cmake will kindly let you know if youhaven’t.

Check Installation

1. Check Version

Wireshark 3 0

If the version doesn’t match the expected one, you may want toinstall from source or use Wireshark’s download page.

2. Check Interfaces

tshark -D will list all interfaces that it sees.

dumpcap does not see and cannot capture on virtual interfaces. This means that dumpcap -D will show fewer interfaces than tshark -D.

Different systems will report different interfaces. tshark will treat the first interface as the default interface and capture from it by default.In other words, tshark aliases to tshark -i 1. You may need to use sudo depending on your installation.Default interfaces on installs of macos, windows, linux, and freebsd are shown below.

3. Test Live Capture

Entering the tshark command should immediately start capturing packets on the default interface. If you donot see packets, check out Choosing an Interface.

4. Make Sure Utilities are on $PATH

Setting up your environment should be done once and done well. There are a coupleAdditional work is usually necessary to make sure all utilities are on the path.


You can verify whether all are installed with the following:

If a util is installed but not on your $PATH, you can use find / -name $util 2>/dev/nullto find out where it may be. For example, on Linux for 3.0.0, extcap tools areat /usr/lib/x86_64-linux-gnu/wireshark/extcap. To add them to your path, useecho 'export PATH=$PATH:$folder' >> ~/.profile.

Powershell on Windows


Currently, extcap utils need to bemoved from Wiresharkextcap => Wiresharkto be useable. If you have not added your %Program Files% to your $PATH, you cando that with an Admin user:

'PATH', '$PATH;$ENV:ProgramFilesWireshark', 'Machine')

You will need to reopen Powershell for the $PATH to be updated.


i want to install Wireshark 3.0.1 on CentOS 6.10.

I use :

-gcc /g++ 4.8.5

-glibc 2.17

I had installed all the dependencies and the cmake3 command is OK :

editretagflag offensiveclosemergedelete


Those types don't come from glibc, they come from GLib. What versions of GLib are on the CentOS 6 and CentOS 7 systems?

Hello, on CentOS 7 it's glib2-2.54 and on CentOS 6 it's glib2-2.28.

I tried to upgrade the version on CentOS 6 but newer versions of glib are specific to CentOS 7 (require filesystem version > 3.0, CentOS 6 is 2.4).

Wireshark 3.0.6

Is there a way to compile without upgrading glib or it is simply impossible to have Wireshark 3.0 on CentOS 6 ?

Comments are closed.