Wireshark

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education.

Permissions
As Wireshark captures from hardware, it needs the appropriate permissions to capture. To use Wireshark as a normal user, add the user to the wireshark group:

To make the current session aware of the new group without having to log in again, enter the following command before launching Wireshark:

Network Name Resolution
To automatically resolve IP addresses to domain names, open the Preferences window, select the Name Resolution panel and tick the Enable Network Name Resolution check box.

Filter packets to a specific IP Address
To see all incoming and outgoing traffic for a specific address, enter the address filter in the filter box, replacing the placeholder with the relevant IP address. To view only incoming traffic, use the destination-address form of the filter instead; to view only outgoing traffic, use the source-address form.

Terminal-based Wireshark
TShark is Wireshark's terminal-based network protocol analyzer. TShark's native file format is pcap. All packet capture options are listed by entering:

For example, to capture packets on a specified network interface and save the results to a file, enter:

Replace the interface placeholder with the desired network interface and the filename placeholder with the desired output filename.
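As an added example that is not part of this page, the Python script below builds a small pcap (TShark's native format) in memory and applies the equivalent of Wireshark's ip.addr, ip.dst and ip.src display filters, so the difference between all, incoming-only and outgoing-only traffic for one address can be checked offline. The sample addresses, ports and zeroed MAC addresses are constructed.

```python
import struct

# Constructed sample: a minimal pcap with three IPv4/UDP frames between 10.0.0.5
# and two peers, built in memory so the script runs without a capture interface.
PCAP_MAGIC = 0xA1B2C3D4      # classic pcap magic (microsecond timestamps)
LINKTYPE_ETHERNET = 1

def build_packet(src, dst):
    eth = b"\x00" * 12 + b"\x08\x00"           # zeroed MACs, EtherType 0x0800 = IPv4
    payload = b"test"
    # IPv4 header: ver/IHL, TOS, total length, id, flags/frag, TTL, proto 17 (UDP), checksum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64, 17, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0)
    return eth + ip + udp + payload

def build_pcap(packets):
    # global header: magic, version 2.4, tz offset, sigfigs, snaplen, link type
    data = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, pkt in enumerate(packets):  # record header: ts_sec, ts_usec, incl_len, orig_len
        data += struct.pack("<IIII", 1700000000 + i, 0, len(pkt), len(pkt)) + pkt
    return data

def iter_ipv4(pcap_bytes):
    """Yield (src, dst) for every IPv4 frame in an Ethernet pcap; other frames are skipped."""
    (magic,) = struct.unpack("<I", pcap_bytes[:4])
    endian = "<" if magic == PCAP_MAGIC else ">"   # byte order used by the writer
    offset = 24
    while offset + 16 <= len(pcap_bytes):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", pcap_bytes[offset:offset + 16])
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            yield ".".join(map(str, frame[26:30])), ".".join(map(str, frame[30:34]))

def match(pcap_bytes, addr, direction="both"):
    """Mirror the display filters ip.addr == addr ("both"), ip.dst == addr ("incoming")
    and ip.src == addr ("outgoing"), returning the matching (src, dst) pairs."""
    hits = []
    for src, dst in iter_ipv4(pcap_bytes):
        if (direction == "both" and addr in (src, dst)
                or direction == "incoming" and dst == addr
                or direction == "outgoing" and src == addr):
            hits.append((src, dst))
    return hits

SAMPLE_PCAP = build_pcap([build_packet("10.0.0.5", "192.0.2.10"),
                          build_packet("192.0.2.10", "10.0.0.5"),
                          build_packet("10.0.0.5", "198.51.100.7")])
```

Writing SAMPLE_PCAP to a file and opening it in Wireshark or TShark with the same three filters gives the same three result sets.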

External resources

 * https://wiki.archlinux.org/index.php/wireshark The Arch Linux Wiki entry on Wireshark.