Wireshark is GUI-based, but a command-line version, tshark, is also provided.
It is handy when working from a Linux CUI, when integrating into batch jobs, or when the GUI is too heavy.

[root@CentOS64VM tools]# yum install wireshark
Loaded plugins: fastestmirror, presto
Determining fastest mirrors
 * base: ftp.jaist.ac.jp
 * extras: ftp.jaist.ac.jp
 * updates: ftp.jaist.ac.jp
base
extras
updates
updates/primary_db
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package wireshark.x86_64 0:1.2.15-2.el6_2.1 will be installed
--> Processing Dependency: libgnutls.so.26(GNUTLS_1_4)(64bit) for package: wireshark-1.2.15-2.el6_2.1.x86_64
--> Processing Dependency: libsmi.so.2()(64bit) for package: wireshark-1.2.15-2.el6_2.1.x86_64
--> Processing Dependency: libpcap.so.1()(64bit) for package: wireshark-1.2.15-2.el6_2.1.x86_64
--> Processing Dependency: libgnutls.so.26()(64bit) for package: wireshark-1.2.15-2.el6_2.1.x86_64
--> Running transaction check
---> Package gnutls.x86_64 0:2.8.5-4.el6_2.2 will be installed
--> Processing Dependency: libtasn1.so.3(LIBTASN1_0_3)(64bit) for package: gnutls-2.8.5-4.el6_2.2.x86_64
--> Processing Dependency: libtasn1.so.3()(64bit) for package: gnutls-2.8.5-4.el6_2.2.x86_64
---> Package libpcap.x86_64 14:1.0.0-6.20091201git117cb5.el6 will be installed
---> Package libsmi.x86_64 0:0.4.8-4.el6 will be installed
--> Running transaction check
---> Package libtasn1.x86_64 0:2.3-3.el6_2.1 will be installed
--> Finished Dependency Resolution


Packet capture with tshark and tcpdump

[root@CentOS64VM tools]# /usr/sbin/tshark -n -i eth0 tcp port 80
Running as user "root" and group "root". This could be dangerous.
Capturing on eth0
  0.000000 192.168.137.1 -> 192.168.137.128 TCP 50018 > 80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=2
  0.114130 192.168.137.1 -> 192.168.137.128 TCP 50019 > 80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=2
  0.250229 192.168.137.1 -> 192.168.137.128 TCP 50020 > 80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=2
  2.999452 192.168.137.1 -> 192.168.137.128 TCP 50018 > 80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=2
  3.111388 192.168.137.1 -> 192.168.137.128 TCP 50019 > 80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=2
  3.251262 192.168.137.1 -> 192.168.137.128 TCP 50020 > 80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=2
^C6 packets captured
[root@CentOS64VM tools]# /usr/sbin/tcpdump -n -i eth0 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
19:24:35.773723 IP 192.168.137.1.50022 > 192.168.137.128.http: Flags [S], seq 3779509450, win 8192, options [mss 1460,nop,wscale 2,nop
19:24:36.784314 IP 192.168.137.1.50023 > 192.168.137.128.http: Flags [S], seq 1774179078, win 8192, options [mss 1460,nop,wscale 2,nop
19:24:37.055527 IP 192.168.137.1.50024 > 192.168.137.128.http: Flags [S], seq 1893589663, win 8192, options [mss 1460,nop,wscale 2,nop
19:24:39.783694 IP 192.168.137.1.50023 > 192.168.137.128.http: Flags [S], seq 1774179078, win 8192, options [mss 1460,nop,wscale 2,nop
19:24:40.063879 IP 192.168.137.1.50024 > 192.168.137.128.http: Flags [S], seq 1893589663, win 8192, options [mss 1460,nop,wscale 2,nop
19:24:41.795255 IP 192.168.137.1.50022 > 192.168.137.128.http: Flags [S], seq 3779509450, win 8192, options [mss 1460,nop,nop,sackOK],
^C
6 packets captured
6 packets received by filter
0 packets dropped by kernel
[root@CentOS64VM tools]#
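A short Python reader for the default tshark text output shown above, added here as an example and not part of the original page. It groups pure SYNs by 4-tuple and reports those retransmitted without any SYN/ACK or RST in reply, which is exactly what the capture above shows: ports 50018, 50019 and 50020 each send a second SYN about three seconds later, so nothing on 192.168.137.128 answered on port 80. The sample lines are copied from the capture above; the regex assumes the summary-line layout tshark 1.2 prints with -n.

```python
import re
from collections import defaultdict

# Sample input copied from this page's capture: tshark -n -i eth0 tcp port 80
SAMPLE_TSHARK_OUTPUT = """\
  0.000000 192.168.137.1 -> 192.168.137.128 TCP 50018 > 80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=2
  0.114130 192.168.137.1 -> 192.168.137.128 TCP 50019 > 80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=2
  0.250229 192.168.137.1 -> 192.168.137.128 TCP 50020 > 80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=2
  2.999452 192.168.137.1 -> 192.168.137.128 TCP 50018 > 80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=2
  3.111388 192.168.137.1 -> 192.168.137.128 TCP 50019 > 80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=2
  3.251262 192.168.137.1 -> 192.168.137.128 TCP 50020 > 80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=2
"""

# One tshark 1.2 TCP summary line (-n): <rel time> <src> -> <dst> TCP <sport> > <dport> [<flags>] ...
LINE_RE = re.compile(
    r"^\s*(?P<t>\d+\.\d+)\s+(?P<src>\S+) -> (?P<dst>\S+) TCP "
    r"(?P<sport>\d+) > (?P<dport>\d+) \[(?P<flags>[^\]]+)\]"
)

def parse_tshark_lines(text):
    """Return one dict per TCP summary line; banners and the ^C line are skipped."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            p = m.groupdict()
            p["t"] = float(p["t"])
            p["flags"] = p["flags"].split(", ")
            packets.append(p)
    return packets

def find_unanswered_syns(text):
    """Map (src, sport, dst, dport) -> timestamps of its pure SYNs, for tuples
    that sent more than one SYN and never saw a SYN/ACK or RST. A client only
    retransmits a SYN when nothing answered: no listener, or a filter dropping it."""
    syns = defaultdict(list)
    answered = set()
    for p in parse_tshark_lines(text):
        key = (p["src"], p["sport"], p["dst"], p["dport"])
        if p["flags"] == ["SYN"]:
            syns[key].append(p["t"])
        elif "SYN" in p["flags"] or "RST" in p["flags"]:
            # SYN/ACK or RST flows server -> client, so it answers the reverse tuple
            answered.add((p["dst"], p["dport"], p["src"], p["sport"]))
    return {k: ts for k, ts in syns.items() if k not in answered and len(ts) > 1}

if __name__ == "__main__":
    for (src, sp, dst, dp), ts in sorted(find_unanswered_syns(SAMPLE_TSHARK_OUTPUT).items()):
        gaps = [round(b - a, 2) for a, b in zip(ts, ts[1:])]
        print(f"{src}:{sp} -> {dst}:{dp}: {len(ts)} SYNs unanswered, gaps {gaps} s")
```

On the page's capture this reports three 4-tuples with two SYNs each and a gap of about 3 s, the usual first SYN retransmission timer; with a real capture, feed it the output of tshark or `tshark -r file.pcap` instead of the embedded sample.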

tshark

[root@CentOS64VM tools]# /usr/sbin/tshark -help
TShark 1.2.15
Dump and analyze network traffic.
See http://www.wireshark.org for more information.

Copyright 1998-2011 Gerald Combs and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Usage: tshark [options] ...

Capture interface:
  -i <interface>           name or idx of interface (def: first non-loopback)
  -f <capture filter>      packet filter in libpcap filter syntax
  -s <snaplen>             packet snapshot length (def: 65535)
  -p                       don't capture in promiscuous mode
  -y <link type>           link layer type (def: first appropriate)
  -D                       print list of interfaces and exit
  -L                       print list of link-layer types of iface and exit

Capture stop conditions:
  -c <packet count>        stop after n packets (def: infinite)
  -a <autostop cond.> ...  duration:NUM - stop after NUM seconds
                           filesize:NUM - stop this file after NUM KB
                              files:NUM - stop after NUM files
Capture output:
  -b <ringbuffer opt.> ... duration:NUM - switch to next file after NUM secs
                           filesize:NUM - switch to next file after NUM KB
                              files:NUM - ringbuffer: replace after NUM files
Input file:
  -r <infile>              set the filename to read from (no pipes or stdin!)

Processing:
  -R <read filter>         packet filter in Wireshark display filter syntax
  -n                       disable all name resolutions (def: all enabled)
  -N <name resolve flags>  enable specific name resolution(s): "mntC"
  -d <layer_type>==<selector>,<decode_as_protocol> ...
                           "Decode As", see the man page for details
                           Example: tcp.port==8888,http
Output:
  -w <outfile|->           set the output filename (or '-' for stdout)
  -C <config profile>      start with specified configuration profile
  -F <output file type>    set the output file type, default is libpcap
                           an empty "-F" option will list the file types
  -V                       add output of packet tree        (Packet Details)
  -S                       display packets even when writing to a file
  -x                       add output of hex and ASCII dump (Packet Bytes)
  -T pdml|ps|psml|text|fields
                           format of text output (def: text)
  -e <field>               field to print if -Tfields selected (e.g. tcp.port);
                           this option can be repeated to print multiple fields
  -E<fieldsoption>=<value> set options for output when -Tfields selected:
     header=y|n            switch headers on and off
     separator=/t|/s|<char> select tab, space, printable character as separator
     quote=d|s|n           select double, single, no quotes for values
  -t ad|a|r|d|dd|e         output format of time stamps (def: r: rel. to first)
  -l                       flush standard output after each packet
  -q                       be more quiet on stdout (e.g. when using statistics)
  -X <key>:<value>         eXtension options, see the man page for details
  -z <statistics>          various statistics, see the man page for details

Miscellaneous:
  -h                       display this help and exit
  -v                       display version info and exit
  -o <name>:<value> ...    override preference setting
  -K <keytab>              keytab file to use for kerberos decryption
[root@CentOS64VM tools]#

Related pages
Network analysis with Wireshark (formerly Ethereal)

Reference pages
How to use tshark (the CLI version of Wireshark)
WireShark tricks: "TShark", which can be run from the command line
tcpdump: monitoring packets flowing over the network


━ Wireshark ━
http://www.wireshark.org/
Wireshark is the packet capture tool that was long and widely used under the name Ethereal.
It is handy when you want to capture packets and analyze the network.
Download from the following site:
http://www.wireshark.org/download.html

━ STONE ━
http://www.gcd.org/sengoku/stone/
When you already know which network connection you want to examine and need to investigate it in detail, stone is handy.
For example, you can check an application's behaviour or investigate the commands sent over a connection
without placing any load on the remote host (by using stone as a repeater).

Download from the following site:
* stone version 2.3e
http://www.gcd.org/sengoku/stone/stone-2.3e.tar.gz
* stone version 2.3e for WindowsXP
http://www.gcd.org/sengoku/stone/stonexp-2.3e.zip
