Welcome to the IPFire Wiki

This wiki is a community-maintained resource about everything there is to know about IPFire. Join us and help us improving it!

Looking for something?

Use the search and find answers to everything about IPFire. If you cannot find what you are looking for, join our community and talk to fellow IPFire users, developers and everybody else involved in the project.

IPFire Community


New add-on as of Core Update 132.

tshark is a network protocol analyzer. It has many possible uses, including capturing packet data from live connections, reading packets from a previously saved capture file, printing a decoded form of those packets to the standard output, and writing the packets to a file.

Current features:

  • Deep inspection of hundreds of protocols
  • Live capture and offline analysis
  • VoIP analysis
  • Read/write different capture file formats
  • Collection of various types of statistics
  • Capture files compressed with gzip can be decompressed on the fly
  • Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others
  • Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
  • Coloring can be applied for quick intuitive analysis
  • Output can be exported to XML, PostScript®, CSV, or plain text


tshark can be installed with the Pakfire web interface or via the console:

pakfire install tshark


There is no web interface for this Addon. To run this Addon open the client console or terminal and access the IPFire box via SSH.

To obtain a list of possible commands and parameters use:
tshark -h

Edit Page ‐ Yes, you can edit!

Older Revisions • October 27 at 7:12 pm • Jon