~]# yum install wireshark
That's all there is to it. You can now start capturing packets. In this example, the packets going in and out of the eth0 interfaces are captured to a file named example.pcap. You can now open example.pcap in the full GUI version of Wireshark to examine the capture.
~]# tshark -w /tmp/example.pcap -i eth0 -P