For IST 220 and SRA 111, we use an Ubuntu Linux virtual machine running Wireshark to explore the basics of how packets travel over a network. This page is designed to guide the novice user through the process of creating a virtual machine, installing Ubuntu Linux, and then installing Wireshark. Instructions are provided for Mac users, but the Windows installation process is nearly identical. All of the software we’ll be using is free.
Here’s an overview of what we’ll be doing:
- Part 1: Download Ubuntu
- Part 2: Download and Install VirtualBox
- Part 3: Install Ubuntu
- Part 4: Install Wireshark
- Part 5: Tips and Suggestions
This looks like a lot of steps, but that’s only because I’ve tried to be as explicit as possible. The entire process won’t take very long and is actually quite easy to complete.
Part 1: Download Ubuntu
Our virtual machine needs an operating system. We’ll be using Ubuntu Linux because it’s free, has a nice user interface which should be very familiar to Mac and Windows users, and is updated frequently.
It makes sense to start this part first, because the download is quite large (over 700 MB) and may take a while to complete.
- Visit http://www.ubuntu.com/download/desktop. For these instructions, we’ll be using Ubuntu 12.04 LTS. Under “Choose your flavour,” select “32-bit (for machines with less than 2GB RAM)”; even if your actual desktop/laptop has a 64-bit processor, this will still work. Then click the red “Ubuntu 12.04 LTS” button.
- The next page asks for money; scroll down to the bottom and click “Not now, take me to the download”. The Ubuntu .iso file that we need will begin to download. While that’s happening, you can move on to Part 2.
Part 2: Download and Install VirtualBox
- Download VirtualBox at https://www.virtualbox.org/wiki/Downloads. As of this writing, the current version number is 4.3.8, so you’d click the “x86/amd64” link next to “VirtualBox 4.3.8 for OS X hosts”. Note that VirtualBox issues updates fairly frequently, and you will be notified when new updates are available; you should install these updates using the same procedure as the one described here.
- Double-click the .dmg file you downloaded. In the window that opens, double-click VirtualBox.pkg.
- Run the VirtualBox installer. The default options are good.
Part 3: Install Ubuntu
- Open the VirtualBox application, which can now be found in your Applications folder. When it launches, click the blue “New” button in the toolbar. Type “Ubuntu” in the “Name” field, and click “Continue.” Set the “Memory size” to “2000”. On the next screen, select “Create a virtual hard drive now”. Select “Continue” on the sheet that appears. Select “Dynamically allocated,” and then select “VDI” on the following page. Then click “Create”. Then click the green “Start” button. Soon a screen will appear asking, “Please select a virtual optical disk file or a physical optical drive containing a disk to start your new virtual machine from.” Click the small yellow folder icon in the lower-right corner. Then go to your Downloads folder (or wherever you downloaded the Ubuntu .iso file in Part 1), select it, and click “Open.” Then click “Start.”
- Make sure your computer is plugged in for power, and that your computer is connected to the Internet.
- Ubuntu will now begin to install itself within your virtual machine. At the welcome screen, set your preferred language and then click “Install Ubuntu”.
- When prompted, check the boxes for “Download updates while installing” and “Install this third-party software.”
- At the “Installation type” screen, select “Erase disk and install Ubuntu”, then click “Continue.”
- At the “Erase disk and install Ubuntu” screen, click “Install Now”.
- While the installation is happening, we’ll be confirming a few settings. First, set your location/time zone.
- Next, select your preferred keyboard layout.
- At the “Who are you?” screen, enter the requested information, including your Ubuntu account password. Be sure to remember your password! I suggest using a password manager like LastPass or 1Password to remember your Ubuntu account password, and all of the other passwords that you use for Web sites that you visit.
- After the installation has completed, click the “Restart Now” button.
- Your machine will restart, and you’ll see some gobbledygook on the screen. When you see the message “Please remove installation media and close the tray (if any) then press ENTER” at the bottom of the screen, press Enter on your keyboard.
- At the login screen, enter your Ubuntu account password.
- Congratulations, you’re now running Ubuntu! You may notice some oddities, however, such as the Ubuntu desktop not resizing correctly. To fix those, we need to install the VirtualBox Guest Additions for our host operating system. According to the VirtualBox documentation, “Guest Additions are designed to be installed inside a virtual machine after the guest operating system has been installed. They consist of device drivers and system applications that optimize the guest operating system for better performance and usability.” From the VirtualBox application menu, select “Devices”, then “Insert Guest Additions CD image…” A window will appear asking if you would like to run the software. Select “Run”. When prompted, enter your Ubuntu account password. It may take a few minutes for the installation to complete. When you see a message saying “Press Return to close this window…”, press Return on your keyboard.
Part 4: Install Wireshark
- Eject the VirtualBox Guest Additions disk image by right-clicking the picture of the CD on the dock on the left side of your Ubuntu desktop, then selecting “Eject”.
- On the dock, click the Ubuntu Software Center.
- In the text box at the upper-right, type `wireshark`, and then press Enter on your keyboard. Click on the result that simply says “Wireshark”. An “Install” button will appear on the right; click “Install”. When prompted, enter your Ubuntu account password.
- After the installation is complete, click the “Dash” icon at the top of your dock, type `terminal`, and click on the “Terminal” application.
- We have to enter a few commands so that Wireshark can “see” your virtual network interfaces. A network interface is simply software and/or hardware that allows a machine to connect to a network. Here, the Ubuntu virtual machine is utilizing your computer’s Internet connection. To make this work, type the following command in the Terminal window: `sudo dpkg-reconfigure wireshark-common`. You’ll be prompted for your Ubuntu account password. As you type in your password, you will not see the letters appear on screen; this is a security measure. At the “Configuring wireshark-common” screen, select “ “, then press Enter.
- At the next prompt, type `sudo chmod +x /usr/bin/dumpcap`, then press Enter. Don’t worry, you won’t have to ever enter these commands again for this virtual machine; this is a one-time process.
- Close the Terminal window, and launch Wireshark by clicking the blue Wireshark icon in the dock.
- The video below demonstrates all of the steps in Part 4, as well as how to use Wireshark to capture some Web traffic.
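The `chmod +x` step in Part 4 adds the execute bit for the owner, the group and everyone else, so it decides which accounts on the virtual machine can start a capture. The script below is an added example, not part of the original instructions; it reports that scope for `/usr/bin/dumpcap`, and the function names `exec_scope`, `priv_source` and `report` are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original page: report who may run dumpcap
# after the Part 4 commands. Needs GNU stat, as shipped with Ubuntu.
DUMPCAP="${DUMPCAP:-/usr/bin/dumpcap}"   # path used in the steps above

# Print "missing", "world", "group:<name>" or "owner", depending on which
# execute bits are set on the file.
exec_scope() (
    file=$1
    [ -e "$file" ] || { echo "missing"; exit 0; }
    mode=$(stat -c '%a' "$file")      # octal mode, e.g. 754, 755 or 4754
    rest=${mode%?}
    other=${mode#"$rest"}             # last digit: bits for everyone else
    grp=${rest#"${rest%?}"}           # second-to-last digit: group bits
    if [ $(( ${other:-0} & 1 )) -ne 0 ]; then
        echo "world"
    elif [ $(( ${grp:-0} & 1 )) -ne 0 ]; then
        echo "group:$(stat -c '%G' "$file")"
    else
        echo "owner"
    fi
)

# Print "setuid", "caps" or "none": how the binary gets capture privilege.
priv_source() (
    file=$1
    case $(stat -c '%a' "$file") in
        [4567]???) echo "setuid"; exit 0 ;;
    esac
    if command -v getcap >/dev/null 2>&1 &&
       [ -n "$(getcap "$file" 2>/dev/null)" ]; then
        echo "caps"
    else
        echo "none"
    fi
)

# One-line summary for the given path (default: $DUMPCAP).
report() (
    file=${1:-$DUMPCAP}
    scope=$(exec_scope "$file")
    case $scope in
        missing) echo "$file: not found" ;;
        world)   echo "$file: runnable by every local account, privilege: $(priv_source "$file")" ;;
        group:*) echo "$file: runnable by group ${scope#group:}, privilege: $(priv_source "$file")" ;;
        *)       echo "$file: runnable by its owner only, privilege: $(priv_source "$file")" ;;
    esac
)
report "$@"
```

Run it in the Ubuntu Terminal before and after the `chmod +x` step to see the change; a result of "runnable by every local account" means any account on the virtual machine can capture traffic, not just yours.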
Part 5: Tips and Suggestions
- As with any software package, it’s vital that you install the latest updates for Ubuntu. To do that, click the gear icon in the upper-right corner of the screen, then select “Updates Available…” Even if you’ve just installed Ubuntu, there will be updates available! Click the orange “Install Updates” button. When prompted, enter your Ubuntu account password. It may take quite a while for all of the updates to download and install.
- After you’ve installed software updates, shut down your virtual machine by clicking the gear icon in the upper-right corner, then selecting “Shut Down…” One of the great things about virtual machines is that you can easily create a “snapshot” of your machine. This allows you to take a picture of how the virtual machine exists at a point in time, and then return it to that state later if you screw something up! Since you’ve got everything nice and neat right now, this is a good time to create a snapshot. Open the VirtualBox Manager, and make sure that “Ubuntu” is selected in the list on the left. Click the “Snapshots” button in the upper-right portion of the window. Click the blue “Take Snapshot” button, and give the snapshot a name and description of your choice. If you ever need to return the virtual machine to that snapshot state, simply click the “Restore Snapshot” button.
- Using the same process that you did when you installed Wireshark, I also recommend using the Ubuntu Software Center to install the gedit text editor by searching for “gedit” (the application will be displayed as “Text Editor”).
- Ubuntu comes pre-loaded with the Firefox Web browser. If you’d prefer to use Google Chrome, you can install it by visiting the Chrome download page, and following the instructions. After the installation is completed, run `google-chrome-stable` from the Terminal. The video below demonstrates the process.
- You can learn more about Ubuntu from the Ubuntu online tour.
- An excellent resource for learning more about Wireshark is Chris Sanders’ Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems. At the moment, a full-text PDF of the book is available here.
- Check out my Linux Resources page with more information about using Linux.