zlogene@gentoo.org Mikle Kolyada bman@gentoo.org Aaron Bauman sam@gentoo.org Sam James Wireshark is the world's foremost network protocol analyzer, and is the de facto (and often de jure) standard across many industries and educational institutions. Wireshark has a rich feature set which includes 1) deep inspection of hundreds of protocols, with more being added all the time, 2) live capture and offline analysis, 3) standard three-pane packet browser, 4) captured network data can be browsed via a GUI, or via the TTY-mode TShark utility, 5) the most powerful display filters in the industry, 6) rich VoIP analysis, 7) read/write many different capture file formats: tcpdump (libpcap), Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others, 8) capture files compressed with gzip can be decompressed on the fly, 9) live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others, 10) decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2, 11) coloring rules can be applied to the packet list for quick, intuitive analysis, 12) output can be exported to XML, PostScript®, CSV, or plain text. Install androiddump, an extcap interface to capture from Android devices Use media-libs/bcg729 for G.729 codec support in RTP Player Use app-arch/brotli for compression/decompression Install capinfos, to print information about capture files Install captype, to print the file types of capture files Install ciscodump, extcap interface to capture from a remote Cisco router Install dftest, to display filter byte-code, for debugging dfilter routines Install dpauxmon, an external capture interface (extcap) that captures DisplayPort AUX channel data from linux kernel drivers Install dumpcap, to dump network traffic from inside wireshark Install editcap, to edit and/or translate the format of capture files Use net-libs/nghttp2 for HTTP/2 support Build with iLBC support in RTP Player using media-libs/libilbc Use dev-libs/libxml2 for handling XML configuration in dissectors Enable link time optimization Use dev-libs/libmaxminddb for IP address geolocation Install mergecap, to merge two or more capture files into one Build with zip file compression support Use dev-libs/libnl Use net-libs/libpcap for network packet capturing (build dumpcap, rawshark) Install plugin interface demo Install plugins Install randpkt, a utility for creating pcap trace files full of random packets Install randpktdump, an extcap interface to provide access to the random packet generator (randpkt) Install reordercap, to reorder input file by timestamp into output file Use media-libs/sbc for playing back SBC encoded packets Install sdjournal, an extcap that captures systemd journal entries Install sharkd, the daemon variant of wireshark Use net-libs/libsmi to resolve numeric OIDs into human readable format Use media-libs/spandsp for for G.722 and G.726 codec support in the RTP Player Install sshdump, an extcap interface to capture from a remote host through SSH Install text2pcap, to generate a capture file from an ASCII hexdump of packets Install tfshark, a terminal-based version of the FileShark capability Install tshark, to dump and analyzer network traffic from the command line Install udpdump, to get packets exported from a source (like a network device or a GSMTAP producer) that are dumped to a pcap file