wireshark not part of knoppix anymore?



Albretch
12-15-2016, 12:01 PM
$ sudo wireshark &
[1] 28262
$ sudo: wireshark: command not found


[1]+ Exit 1 sudo wireshark


$ which wireshark


$ uname -a
Linux Microknoppix 4.7.9-64 #19 SMP PREEMPT Sat Oct 22 02:39:01 CEST 2016 x86_64 GNU/Linux

Albretch
12-15-2016, 12:04 PM
What is confusing to me is that I also get:

$ dpkg -l | grep wireshark
ii libwireshark-data 2.2.0+g5368c50-1 all network packet dissection library -- data files
ii libwireshark8:i386 2.2.0+g5368c50-1 i386 network packet dissection library -- shared library
ii wireshark 2.2.0+g5368c50-1 i386 network traffic analyzer - meta-package
ii wireshark-common 2.2.0+g5368c50-1 i386 network traffic analyzer - common files
ii wireshark-gtk 2.2.0+g5368c50-1 i386 network traffic analyzer - GTK+ version

philo
12-15-2016, 01:56 PM
Run:


wireshark-gtk -h

philo
12-15-2016, 05:03 PM
Useful information here:
https://wiki.wireshark.org/CaptureSetup/CapturePrivileges#Other_Linux_based_systems_or_other_installation_methods

and here:
http://anonscm.debian.org/viewvc/collab-maint/ext-maint/wireshark/trunk/debian/README.Debian?view=markup

Running:


sudo wireshark-gtk

may work but with warnings that it is dangerous.

Harry Kuhman
12-15-2016, 05:22 PM
Recommendations:
Live DVD with Wireshark: Kali Linux
Installed Linux with Wireshark available: Debian

philo
12-16-2016, 11:27 AM
Recommendations:
Live DVD with Wireshark: Kali Linux
Installed Linux with Wireshark available: Debian

What's wrong with Knoppix?

Harry Kuhman
12-17-2016, 08:01 AM
What's wrong with Knoppix?

Well, to quote philo: "may work but with warnings that it is dangerous."

I thought that the OP was simply looking for a live DVD with Wireshark and made a suggestion. Wireshark is there and, given the nature of Kali Linux, Wireshark is unlikely to vanish from it any time soon. When I'm working with a Live DVD I generally am looking to get something done as simply as I can and don't like to have to remember magic prayers to the Linux gods to get things started. I also don't like warnings; at least one reason for that is that I don't think that I know Linux well enough to determine if I can safely ignore the warnings.

Alternately, if the OP is trying to work with an installed system, then I recommend a pure system built from one distro, not the Knoppix approach of hacking different systems together.

Albretch
12-19-2016, 07:56 PM
running wireshark . . .



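_USR=$(whoami)
echo "// __ \$_USR: ${_USR}"

# Hand dumpcap to the current user's group (assumes a group named after the user exists)
sudo chgrp "${_USR}" /usr/bin/dumpcap
# Give dumpcap the capture capabilities so the GUI itself does not have to run as root
sudo setcap cap_net_raw,cap_net_admin+eip /usr/bin/dumpcap

# Timestamped output file name
_LOG=$(date +%Y%m%d%H%M%S)"_wireshark-gtk.log"

# Open wireshark-gtk on eth0; -w sets the file captured packets are written to
wireshark-gtk -i eth0 -w "${_LOG}" 2>&1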
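
An added example, not part of the thread: a check for the dumpcap setup in the last post, which sets the group and capabilities but does not touch the file mode, so who may run the now-privileged binary depends on its mode (a mode such as 750 keeps it to owner and group). The function names and the verdict words (open, restricted, unprivileged) are assumptions of this example, and the sample inputs are constructed.

```shell
#!/bin/sh
# classify_dumpcap MODE CAPS -> prints one verdict word
#   MODE: octal mode as printed by `stat -c %a FILE` (e.g. 755, 4750)
#   CAPS: text printed by `getcap FILE` (empty when no capabilities are set)
classify_dumpcap() {
    mode=$1; caps=$2
    privileged=no
    case $caps in
        *cap_net_raw*|*cap_net_admin*) privileged=yes ;;
    esac
    # A setuid bit (04000) is the other way dumpcap gets privilege
    # (assumption: the file is owned by root in that case).
    if [ $(( 0$mode & 04000 )) -ne 0 ]; then privileged=yes; fi

    if [ "$privileged" = no ]; then
        echo unprivileged      # capture only works when started as root
    elif [ $(( 0$mode & 01 )) -ne 0 ]; then
        echo open              # "others" execute bit: every local account can capture
    else
        echo restricted        # only owner and group can run the privileged binary
    fi
}

# audit_dumpcap [PATH] -> verdict for a real file (GNU stat; getcap from libcap tools)
audit_dumpcap() {
    bin=${1:-/usr/bin/dumpcap}
    [ -e "$bin" ] || { echo missing; return 1; }
    file_mode=$(stat -c '%a' "$bin")
    file_caps=$(getcap "$bin" 2>/dev/null || true)
    classify_dumpcap "$file_mode" "$file_caps"
}

# Constructed samples: mode, then getcap output in its older and newer formats.
for sample in \
    "755|/usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip" \
    "750|/usr/bin/dumpcap cap_net_admin,cap_net_raw=eip" \
    "755|"
do
    printf '%-55s -> %s\n' "$sample" \
        "$(classify_dumpcap "${sample%%|*}" "${sample#*|}")"
done

# With a path argument, audit that file as well.
if [ -n "${1:-}" ]; then audit_dumpcap "$1"; fi
```

A verdict of open after running the setcap step means any local account can capture traffic; restricted is the state to aim for on a shared machine.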