wireshark – a powerful sniffer with a GUI; it can decode lots of protocols and offers lots of filters.
tshark – the command-line version of wireshark.
dumpcap (part of wireshark) – can only capture traffic; it can be used by wireshark / tshark.
tcpdump – limited protocol decoding, but available on most *NIX platforms.