> Could somebody recommend any software in 4.2
> ports that has related functionality?

Netdude might be of some use (it's a front-end to tcpdump), but I usually just use tcpdump directly (some tips: -vv to increase verbosity, -X for a hex+ascii dump, -s<##> to increase snap length to capture entire packets rather than just the headers).

> http://www.wireshark.org/ and http://www.wireshark.org/
> are not found in ports.

This is for security reasons. The dissectors are often not coded with security in mind, which isn't good since they usually work with untrusted network data. For tcpdump(8) in the base system, the dissectors are run with reduced privileges, protecting from this sort of problem, making it safer.

Also, the UI is built using libraries which are not meant to be run with root privileges (http://www.gtk.org/setuid.html explicitly talks about setuid root programs, but I think this would also apply to any programs which need to run as root: "In the opinion of the GTK+ team, the only correct way to write a setuid program with a graphical user interface is to have a setuid backend that communicates with the non-setuid graphical user interface via a mechanism such as a pipe and that considers the input it receives to be untrusted.")

So, really it needs to be split into 3: UI with normal user privileges, privileged access to the network, and reduced privilege for dissectors. There are some wireshark ports floating around where some work has been done towards dropping privileges, but they're not without problems.

