Command-line packet analyzer for monitoring, capturing, and filtering network traffic in real time. Supports TCP/IP protocols, pcap file export, BPF syntax, timestamped outputs, and works on UNIX-like systems with both wired and wireless interfaces.



There are many alternatives to Wireshark for Linux if you are looking for a replacement. The best open source Linux alternative is tcpdump. If that doesn't suit you, our users have ranked more than 50 alternatives to Wireshark, and many of them are open source and available for Linux, so hopefully you can find a suitable replacement. Other interesting open source Linux alternatives to Wireshark are NetworkMiner, Proxyman, Ettercap and Termshark.



NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can extract transmitted files and certificates from PCAP files containing HTTP, FTP, SMB, SMB2, TFTP and several other protocols.




Monitor, intercept and debug HTTP/HTTPS and WebSocket traffic on macOS, iOS, Windows, and Linux. Includes advanced features such as Breakpoint, Map Local/Remote, scripting, filtering, reverse proxy, DNS spoofing, and automation for backend development.




Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks.

If you're debugging on a remote machine with a large pcap and no desire to scp it back to your desktop, termshark can help!

Sysdig is open source, system-level exploration: capture system state and activity from a running Linux instance, then save, filter and analyze. Think of it as strace + tcpdump + lsof + awesome sauce.





It's open source and uses CLI