From Mageia wiki
Revision as of 12:36, 22 September 2014 by Claire (talk | contribs) (update the procedure)
$ urpmq -i wireshark
Name        : wireshark
Version     : 1.4.11
Release     : 1.mga1
Group       : Monitoring
Size        : 21157147                     Architecture: x86_64
Source RPM  : wireshark-1.4.11-1.mga1.src.rpm
URL         : http://www.wireshark.org
Summary     : Network traffic analyzer
Description :
Wireshark is a network traffic analyzer for Unix-ish operating systems. It is
based on GTK+, a graphical user interface library, and libpcap, a packet
capture and filtering library.

Since Mageia 3, Wireshark requires users to be added to the 'wireshark' group instead of being run as root. Once the user has been added to the wireshark group and has logged out and back in, Wireshark operates normally and captures can be made by regular users.

$ wireshark -n wiresharktest
$ tshark -nr wiresharktest

Tested a few of the tools from the wireshark-tools package:

$ editcap -r wiresharktest wiresharktest50 1-50
Add_Selected: 1-50
Inclusive ... 1, 50

$ mergecap -v -w wiresharkmerged wiresharktest wiresharktest50
mergecap: wiresharktest is type Wireshark/tcpdump/... - libpcap.
mergecap: wiresharktest50 is type Wireshark/tcpdump/... - libpcap.
mergecap: selected frame_type Ethernet (ether)
Record: 1
Record: 2
etc.

$ randpkt -b 500 -t dns wireshark_dns.pcap
$ wireshark wireshark_dns.pcap

$ dftest ip
Filter: "ip"
dfilter ptr = 0x031faee0

00000 CHECK_EXISTS      ip
00001 RETURN

$ capinfos wiresharktest50
File name:           wiresharktest50
File type:           Wireshark/tcpdump/... - libpcap
File encapsulation:  Ethernet
Packet size limit:   file hdr: 65535 bytes
Number of packets:   50
File size:           7404 bytes
Data size:           6580 bytes
etc.
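The capinfos fields above come straight from the libpcap global header and the per-packet record headers. As an added example, not part of this wiki page, here is a small Python reader that computes the same fields (file type, encapsulation, snaplen, packet count, file and data size) from a constructed two-frame capture, handles both byte orders of the libpcap magic, and rejects truncated files:

```python
import struct

PCAP_MAGIC_LE = 0xA1B2C3D4        # libpcap magic as read little-endian from a LE file
PCAP_MAGIC_BE = 0xD4C3B2A1        # the same magic read little-endian from a BE file
LINKTYPES = {1: "Ethernet"}       # DLT_EN10MB; anything else is reported numerically

def parse_pcap(data: bytes) -> dict:
    """Walk a libpcap file and return the fields capinfos prints for it."""
    if len(data) < 24:
        raise ValueError("truncated libpcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError("not a libpcap file (magic 0x%08x)" % magic)
    # version major/minor, timezone offset, sigfigs, snaplen, link type
    _, _, _, _, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    offset, count, data_size = 24, 0, 0
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % offset)
        # ts_sec, ts_usec, captured length, original length on the wire
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[offset:offset + 16])
        if incl_len > snaplen or offset + 16 + incl_len > len(data):
            raise ValueError("bad captured length %d at offset %d" % (incl_len, offset))
        count += 1
        data_size += incl_len
        offset += 16 + incl_len
    return {
        "File type": "Wireshark/tcpdump/... - libpcap",
        "File encapsulation": LINKTYPES.get(linktype, "linktype %d" % linktype),
        "Packet size limit": snaplen,
        "Number of packets": count,
        "File size": len(data),
        "Data size": data_size,
    }

def build_sample_pcap(endian: str = "<") -> bytes:
    """Constructed two-frame Ethernet capture (not a real capture) for testing."""
    header = struct.pack(endian + "IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, 1)
    frames = [b"\x00" * 60, b"\xff" * 74]          # constructed frame payloads
    body = b""
    for sec, frame in enumerate(frames, start=1411388160):
        body += struct.pack(endian + "IIII", sec, 0, len(frame), len(frame)) + frame
    return header + body
```

Calling `parse_pcap(build_sample_pcap())` returns the summary as a dict; point `parse_pcap` at the bytes of a real file such as wiresharktest50 to compare its output with capinfos.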
