Wireshark Alternatives for Linux
There are many alternatives to Wireshark for Linux if you are looking for a replacement. The best Linux alternative is tcpdump, which is both free and Open Source. If that doesn't suit you, our users have ranked more than 50 alternatives to Wireshark and many of them are available for Linux so hopefully you can find a suitable replacement. Other interesting Linux alternatives to Wireshark are CloudShark (Paid), Intercepter-NG (Free), Nethogs (Free, Open Source) and Ettercap (Free, Open Source).
- tcpdump is a common packet analyzer that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.
tcpdump vs Wireshark opinions
It's open source and use CLI - A web based platform that lets you view, analyze, and share packet capture files in a browser. Works in Safari for iPad and iPhone.
- Intercepter-NG is a multifunctional network toolkit for various types of IT specialists. The main purpose is to recover *interesting* data from the network stream and perform different kinds of MiTM attacks.
- Free • Proprietary
- Mac
- Windows
- Linux
- Android
- iPhone
- Android Tablet
- BSD
- iPad
Discontinued
App unavailable on Play Store and website is flagged by modern browsers as potentially malicious.
Warning
Website blocked by modern browsers as possible trojan.
- NetHogs is a small 'net top' tool. Instead of breaking the traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process. NetHogs does not rely on a special kernel module to be loaded.
- Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks.
- Sysdig is open source, system-level exploration: capture system state and activity from a running Linux instance, then save, filter and analyze. Think of it as strace + tcpdump + lsof + awesome sauce. With a little Lua cherry on top.
- Free • Open Source
- Mac
- Windows
- Linux
No screenshots yet - Ethereal® is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product.
Discontinued
- PacketSled is next generation network forensics and breach detection. Continuously monitor for advanced threats and policy violations missed by other defenses, then analyze and remediate in record time.
- Displays active TCP connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, IPv4 statistics (for the IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols).No screenshots yet
- Driftnet is a program which listens to network traffic and picks out images from TCP streams it observes.