Table of Contents

Wireshark Packages

• wireshark: Wireshark is a network protocol analyzer, or "sniffer". It uses Qt, a graphical user interface library, and libpcap and npcap as packet capture and filtering libraries. The Wireshark distribution also comes with TShark, which is a line-oriented sniffer (similar to Sun's snoop or tcpdump) that uses the same dissection, capture-file reading and writing, and packet filtering code as Wireshark, and with editcap, which is a program to read capture files and write the packets from that capture file, possibly in a different capture file format, and with some packets possibly removed from the capture. The source code comes from the official upstream repository.

The following features have been implemented:

• GTK+
• Qt
• GNU, GNUTLS & Gcrypt libraries
• IPv4 & IPv6 name resolution
• GeoIP which enables you to use IP geolocation databases mapping IPv4 & IPv6 adresses to city, country & AS number from for instance the official MAXMIND repository

Notes

There are no issues - except from potential security ones - running wireshark-gtk (GTK+ version) or wireshark (Qt version) as root. If you want to run it as a normal user, here's the procedure (if you've answered no during the installation proess):

• sudo -s
• groupadd -g wireshark
• usermod -a -G wireshark your-user-name
• chgrp wireshark /usr/bin/dumpcap
• chmod 4750 /usr/bin/dumpcap

As a normal user, run wireshark, wireshark-gtk or double-click on one of Wireshark icons in /usr/share/applications inside a file manager.