Install tshark On CentOS Linux Using The Yum Package Manager

I use tshark sometimes to strip down packet captures based on specific variables and needed to install tshark on a CentOS Linux server I recently built for various development tasks. The problem is that when attempting to install tshark using yum it returned an error because there was no package named tshark available in any of the yum repositories I had configured.

Error Attempting To Install tshark Using Yum:

[root@dev ~]# yum list *TSHARK*
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * addons:
 * base:
 * epel:
 * extras:
 * rpmforge:
 * updates:
Error: No matching Packages to list

As you can see above when attempting to locate any packages containing tshark yum returned an error because there were no packages available that contained the word tshark. Next I used the yum with the whatprovides command to find out if any of the packages available in the installed repositories included the tshark command as displayed in the below example.

Use Yum To Search For The Package That Installs Tshark:

[root@dev ~]# yum whatprovides *tshark*
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * addons:
 * base:
 * epel:
 * extras:
 * rpmforge:
 * updates:
addons/filelists                                                                                             |  196 B     00:00
adobe-linux-i386/filelists                                                                                   | 141 kB     00:00
base/filelists_db                                                                                            | 3.9 MB     00:03
epel/filelists_db                                                                                            | 4.0 MB     00:03
extras/filelists_db                                                                                          | 212 kB     00:00
rpmforge/filelists                                                                                           | 3.9 MB     00:04
updates/filelists_db                                                                                         | 2.6 MB     00:02
wireshark-1.0.8-1.el5_3.1.x86_64 : Network traffic analyzer
Repo        : base
Matched from:
Filename    : /usr/sbin/tshark
Filename    : /usr/share/wireshark/tshark.html
Filename    : /usr/share/man/man1/tshark.1.gz

Now we can see that the wireshark RPM package includes the tshark application and the tshark man page. Now all we need to do is install wireshark using yum as displayed below and the tshark command will also be installed.

Install The Wireshark RPM Package Using Yum For The Tshark Application:

[root@dev ~]# yum install wireshark
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * addons:
 * base:
 * epel:
 * extras:
 * rpmforge:
 * updates:
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package wireshark.x86_64 0:1.0.8-1.el5_3.1 set to be updated
--> Processing Dependency: for package: wireshark
--> Running transaction check
---> Package libsmi.x86_64 0:0.4.5-2.el5 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

 Package                        Arch                        Version                                 Repository                 Size
 wireshark                      x86_64                      1.0.8-1.el5_3.1                         base                       12 M
Installing for dependencies:
 libsmi                         x86_64                      0.4.5-2.el5                             base                      2.4 M

Transaction Summary
Install      2 Package(s)
Update       0 Package(s)
Remove       0 Package(s)

Total download size: 14 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): libsmi-0.4.5-2.el5.x86_64.rpm                                                                         | 2.4 MB     00:02
(2/2): wireshark-1.0.8-1.el5_3.1.x86_64.rpm                                                                  |  12 MB     00:10
Total                                                                                               1.2 MB/s |  14 MB     00:12
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : libsmi                                                                                                       1/2
  Installing     : wireshark                                                                                                    2/2

  wireshark.x86_64 0:1.0.8-1.el5_3.1

Dependency Installed:
  libsmi.x86_64 0:0.4.5-2.el5


When installing the wireshark RPM package it is possible there will be one or more dependencies such as libsmi above that will need to be installed as well. Wireshark is now installed and the below example shows that tshark also successfully installed.

Verify Tshark Version On CentOS Linux After Installing Wireshark:

[root@dev ~]# tshark -v
TShark 1.0.8

Copyright 1998-2009 Gerald Combs <> and contributors.
This is free software; see the source for copying conditions. There is NO

Compiled with GLib 2.12.3, with libpcap 0.9.4, with libz 1.2.3, without POSIX
capabilities, with libpcre 6.6, with SMI 0.4.5, without ADNS, without Lua, with
GnuTLS 1.4.1, with Gcrypt 1.2.4, with MIT Kerberos.

Running on Linux 2.6.18-164.11.1.el5, with libpcap version 0.9.4.

Built using gcc 4.1.2 20080704 (Red Hat 4.1.2-44).

So to install tshark on CentOS Linux simply install Wireshark and any required dependencies using the Yum Package Manager.