Wireshark by Jean-Christophe Manciot is licensed under a GPLv3 License.

Table of Contents

Wireshark Packages

  • wireshark: Wireshark is a network protocol analyzer, or "sniffer". It uses Qt, a graphical user interface library, and libpcap and npcap as packet capture and filtering libraries. The Wireshark distribution also comes with TShark, which is a line-oriented sniffer (similar to Sun's snoop or tcpdump) that uses the same dissection, capture-file reading and writing, and packet filtering code as Wireshark, and with editcap, which is a program to read capture files and write the packets from that capture file, possibly in a different capture file format, and with some packets possibly removed from the capture. The source code comes from the official upstream repository.

The following features have been implemented:

  • GTK+
  • Qt
  • GNU, GNUTLS & Gcrypt libraries
  • IPv4 & IPv6 name resolution
  • GeoIP which enables you to use IP geolocation databases mapping IPv4 & IPv6 adresses to city, country & AS number from for instance the official MAXMIND repository


There are no issues - except from potential security ones - running wireshark-gtk (GTK+ version) or wireshark (Qt version) as root. If you want to run it as a normal user, here's the procedure (if you've answered no during the installation proess):

  • sudo -s
  • groupadd -g wireshark
  • usermod -a -G wireshark your-user-name
  • chgrp wireshark /usr/bin/dumpcap
  • chmod 4750 /usr/bin/dumpcap

As a normal user, run wireshark, wireshark-gtk or double-click on one of Wireshark icons in /usr/share/applications inside a file manager.