Welcome to the IPFire Wiki

This wiki is a community-maintained resource about everything there is to know about IPFire.

Please join in and help us improving it!


New add-on as of Core Update 132.

tshark is a network protocol analyzer. It has many possible uses, including capturing packet data from live connections, reading packets from a previously saved capture file, printing a decoded form of those packets to the standard output, and writing the packets to a file.

Current features:
* Deep inspection of hundreds of protocols
* Live capture and offline analysis
* VoIP analysis
* Read/write different capture file formats
* Collection of various types of statistics
* Capture files compressed with gzip can be decompressed on the fly
* Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others
* Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
* Coloring can be applied for quick intuitive analysis
* Output can be exported to XML, PostScript®, CSV, or plain text


tshark can be installed with the Pakfire web interface or via the console:

pakfire install tshark


There is no web interface for this Addon. To run this Addon open the client console or terminal and access the IPFire box via SSH.

To obtain a list of possible commands and parameters use:
tshark -h

Edit Page ‐ Yes, you can edit!

Older Revisions • May 30 at 8:23 am • Erik Kapfer