- wireshark: Wireshark is a network protocol analyzer, or "sniffer". It uses Qt, a graphical user interface library, and libpcap and npcap as packet capture and filtering libraries. The Wireshark distribution also comes with TShark, which is a line-oriented sniffer (similar to Sun's snoop or tcpdump) that uses the same dissection, capture-file reading and writing, and packet filtering code as Wireshark, and with editcap, which is a program to read capture files and write the packets from that capture file, possibly in a different capture file format, and with some packets possibly removed from the capture. The source code comes from the official upstream repository.
The following features have been implemented:
- GNU, GNUTLS & Gcrypt libraries
- IPv4 & IPv6 name resolution
- GeoIP, which lets you use IP geolocation databases mapping IPv4 & IPv6 addresses to city, country & AS number, for instance those from the official MaxMind repository
There are no issues, apart from potential security ones, with running wireshark-gtk (GTK+ version) or wireshark (Qt version) as root. If you want to run it as a normal user, here's the procedure (if you've answered no during the installation process):
groupadd wireshark
usermod -a -G wireshark your-user-name
chgrp wireshark /usr/bin/dumpcap
chmod 4750 /usr/bin/dumpcap
As a normal user, run wireshark or wireshark-gtk, or double-click on one of the Wireshark icons in /usr/share/applications inside a file manager.
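The procedure above leaves dumpcap setuid root but executable only by members of the wireshark group (mode 4750, not 4755), which is what keeps every local user from gaining a root-privileged sniffer. The script below is an added example, not part of the package or of the Wireshark project, that audits exactly that state: owner, group, mode and the invoking user's group membership. It assumes a `stat` that accepts `-c` (GNU coreutils or busybox) and `id -nG`; the extra parameters on audit_dumpcap only exist so it can be exercised against a scratch file without root.

```shell
#!/bin/sh
# Added example (not from the package description or upstream Wireshark):
# check that dumpcap is installed the way the procedure above intends.
# Assumes `stat -c` (GNU coreutils or busybox) and `id -nG`.

# check_dumpcap_mode MODE GROUP WANT_GROUP
# 0 only when MODE is exactly 4750 and GROUP equals WANT_GROUP.
# Anything looser, e.g. 4755, would let every local user run a
# setuid-root packet capture program and therefore fails.
check_dumpcap_mode() {
    if [ "$1" = "4750" ] && [ "$2" = "$3" ]; then
        return 0
    fi
    return 1
}

# user_in_group USER GROUP: 0 when USER's group list contains GROUP
user_in_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qx -- "$2"
}

# audit_dumpcap [PATH] [GROUP] [OWNER] [USER]
# Defaults follow the procedure above (/usr/bin/dumpcap, group wireshark,
# owner root, current user). Prints one line per check, returns 0 on success.
audit_dumpcap() {
    path="${1:-/usr/bin/dumpcap}"
    want_group="${2:-wireshark}"
    want_owner="${3:-root}"
    user="${4:-$(id -un)}"
    status=0

    if [ ! -e "$path" ]; then
        echo "FAIL: $path does not exist"
        return 1
    fi
    mode=$(stat -c '%a' "$path")
    owner=$(stat -c '%U' "$path")
    group=$(stat -c '%G' "$path")

    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL: $path is owned by $owner, expected $want_owner"
        status=1
    fi
    if check_dumpcap_mode "$mode" "$group" "$want_group"; then
        echo "ok: $path is mode $mode, group $group"
    else
        echo "FAIL: $path is mode $mode, group $group (want 4750, $want_group)"
        status=1
    fi
    if user_in_group "$user" "$want_group"; then
        echo "ok: $user is a member of $want_group"
    else
        echo "FAIL: $user is not in group $want_group (usermod -a -G $want_group $user, then log in again)"
        status=1
    fi
    return $status
}

# Usage: sh dumpcap-audit.sh --run [PATH] [GROUP] [OWNER] [USER]
case "${1:-}" in
    --run) shift; audit_dumpcap "$@"; exit $? ;;
esac
```

Run it as `sh dumpcap-audit.sh --run` after the chgrp/chmod steps; a non-zero exit means one of the checks printed FAIL. Note that group membership added with usermod only takes effect in new login sessions, so the last check fails until you log in again.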