New add-on as of Core Update 132.

tshark is a network protocol analyzer. It has many possible uses, including capturing packet data from live connections, reading packets from a previously saved capture file, printing a decoded form of those packets to the standard output, and writing the packets to a file.

Current features:

  • Deep inspection of hundreds of protocols
  • Live capture and offline analysis
  • VoIP analysis
  • Read/write different capture file formats
  • Collection of various types of statistics
  • Capture files compressed with gzip can be decompressed on the fly
  • Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others
  • Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
  • Coloring can be applied for quick intuitive analysis
  • Output can be exported to XML, PostScript®, CSV, or plain text


tshark can be installed with the Pakfire web interface or via the console:

pakfire install tshark


There is no web interface for this Addon. To run this Addon open the client console or terminal and access the IPFire box via SSH.

To obtain a list of possible commands and parameters use:
tshark -h