Gentoo Wiki




Wireshark is a free packet sniffer computer application. It is used for network troubleshooting, analysis, software and communications protocol development, and education. In June 2006 the project was renamed from Ethereal due to trademark issues.


Just use emerge to install wireshark. emerge --ask --verbose wireshark. If you want a GUI to comfortably look at all the data you captured, add the gtk useflag before building wireshark: echo net-analyzer/wireshark gtk >> /etc/portage/package.use

It's also advised to add your normal user to the wireshark group, although it seems to work without doing this on my machine. If you want to add the user "noname" to the wireshark group, do a usermod -a -G wireshark noname


Running Wireshark the right way

The Wireshark wiki advises users of linux distributions to capture the network data with the program dumpcap (included with Wireshark), as Wireshark itself should not be trusted with root privileges.

Type dumpcap -h to get an idea of possible ways to use it. An example would be dumpcap -i eth0 -a duration:60 -w output.pca, which captures all data (= promiscious mode) coming to the device eth0 for a duration of 60 seconds and writes the resulting data into the file "output.pca".

When the capturing process is finished you should give the user read access to the "output.pca" file, startup Wireshark as a non-root user and open the output.pca file.

Running Wireshark as root (Possibly dangerous!)

Wireshark warns the user to not run it as root during install, but it's apperantly not possible to use the GUI to capture network traffic if you start it without root-privileges. If you absolutely need this functionality, do the following:

  1. Edit /etc/profile
  2. Add this line to /etc/profile:
File: /etc/profile
   export XAUTHORITY="${HOME}/.Xauthority"  
Note: su will ask you for the root password
Note: It is possible, and possibly simpler to use sudo to launch wireshark instead of su-ing to root first.
Retrieved from ""

Last modified: Wed, 01 Oct 2008 07:51:00 +0000 Hits: 7,985