diff --git a/README.md b/README.md
index ae91ded6..29d0c041 100644
--- a/README.md
+++ b/README.md
@@ -94,6 +94,7 @@ If you have a spare domain name you can configure applications to be accessible
 * [Virtual Desktop](https://github.com/RattyDAVE/docker-ubuntu-xrdp-mate-custom) - A virtual desktop running on your NAS.
 * [Wallabag](https://wallabag.org/) - Save and classify articles. Read them later.
 * [Watchtower](https://github.com/v2tec/watchtower) - Monitor your Docker containers and update them if a new version is available
+* [Wireshark](https://www.wireshark.org/) - the world’s foremost and widely-used network protocol analyzer.
 * [YouTubeDL-Material](https://github.com/Tzahi12345/YoutubeDL-Material) - Self-hosted YouTube downloader built on Material Design
 * [ZNC](https://wiki.znc.in/ZNC) - IRC bouncer to stay connected to favourite IRC networks and channels
 
diff --git a/docs/applications/wireshark.md b/docs/applications/wireshark.md
new file mode 100644
index 00000000..34442ab1
--- /dev/null
+++ b/docs/applications/wireshark.md
@@ -0,0 +1,11 @@
+# Wireshark
+
+Homepage: <https://www.wireshark.org/>
+
+Wireshark is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions. Wireshark development thrives thanks to the volunteer contributions of networking experts around the globe and is the continuation of a project started by Gerald Combs in 1998.
+
+## Usage
+
+Set `wireshark_enabled: true` in your `inventories/<your_inventory>/nas.yml` file.
+
+The Wireshark web interface can be found at <http://ansible_nas_host_or_ip:3000>.
diff --git a/docs/configuration/application_ports.md b/docs/configuration/application_ports.md
index 042b6050..a2f8b21f 100644
--- a/docs/configuration/application_ports.md
+++ b/docs/configuration/application_ports.md
@@ -100,5 +100,6 @@ By default, applications can be found on the ports listed below.
 | uTorrent         | 6881    | Bridge  | BT             |
 | uTorrent         | 6881    | Bridge  | UDP            |
 | Wallabag         | 7780    | Bridge  | HTTP           |
+| Wireshark        | 3000    | Host    | HTTP           |
 | YouTubeDL-Mater  | 8998    | Bridge  | HTTP           |
 | ZNC              | 6677    | Bridge  |                |
diff --git a/nas.yml b/nas.yml
index 3e9cf2d7..cd72f821 100644
--- a/nas.yml
+++ b/nas.yml
@@ -212,7 +212,7 @@
 
     - role: n8n
       tags:
-        - n8n_enabled
+        - n8n
       when: (n8n_enabled | default(False))
 
     - role: navidrome
@@ -375,6 +375,11 @@
         - watchtower
       when: (watchtower_enabled | default(False))
 
+    - role: wireshark
+      tags:
+        - wireshark
+      when: (wireshark_enabled | default(False))
+
     - role: znc
       tags:
         - znc
diff --git a/roles/duplicati/tasks/main.yml b/roles/duplicati/tasks/main.yml
index 0b5771ea..291fe15e 100644
--- a/roles/duplicati/tasks/main.yml
+++ b/roles/duplicati/tasks/main.yml
@@ -16,7 +16,7 @@
     volumes:
       - "{{ duplicati_data_directory }}:/config:rw"
       - "{{ samba_shares_root }}:/source/shares:{{ duplicati_data_permissions }}"
-      - "{{ docker_home }}:/source/docker:ro"
+      - "{{ docker_home }}:/source/docker:{{ duplicati_data_permissions }}"
       - "/etc/timezone:/etc/timezone:ro"
     env:
       TZ: "{{ ansible_nas_timezone }}"
diff --git a/roles/healthchecks.io/tasks/main.yml b/roles/healthchecks.io/tasks/main.yml
index 47289c5a..e9a7e145 100644
--- a/roles/healthchecks.io/tasks/main.yml
+++ b/roles/healthchecks.io/tasks/main.yml
@@ -4,5 +4,4 @@
     name: healthchecks.io
     minute: "*/{{ healthchecks_ping_minutes }}"
     user: root
-    cron_file: /etc/crontab
     job: "curl -m 10 --retry 5 {{ healthchecks_url }}"
diff --git a/roles/wireshark/defaults/main.yml b/roles/wireshark/defaults/main.yml
new file mode 100644
index 00000000..30e729ec
--- /dev/null
+++ b/roles/wireshark/defaults/main.yml
@@ -0,0 +1,17 @@
+---
+# enable or disable the application
+wireshark_enabled: false
+wireshark_available_externally: false
+
+# directories
+wireshark_data_directory: "{{ docker_home }}/wireshark"
+
+# uid / gid
+wireshark_user_id: "1000"
+wireshark_group_id: "1000"
+
+# network
+wireshark_hostname: "wireshark"
+
+# specs
+wireshark_memory: "512m"
diff --git a/roles/wireshark/tasks/main.yml b/roles/wireshark/tasks/main.yml
new file mode 100644
index 00000000..318ecaae
--- /dev/null
+++ b/roles/wireshark/tasks/main.yml
@@ -0,0 +1,32 @@
+---
+- name: Create Wireshark Directories
+  file:
+    path: "{{ item }}"
+    state: directory
+  with_items:
+    - "{{ wireshark_data_directory }}"
+    - "{{ wireshark_data_directory }}/config"
+
+- name: Create Wireshark Docker Container
+  docker_container:
+    name: wireshark
+    image: linuxserver/wireshark:latest
+    pull: true
+    volumes:
+      - "{{ wireshark_data_directory }}/config:/config:rw"
+    network_mode: host
+    env:
+      TZ: "{{ ansible_nas_timezone }}"
+      PUID: "{{ wireshark_user_id }}"
+      PGID: "{{ wireshark_group_id }}"
+    capabilities:
+      - NET_ADMIN
+    restart_policy: unless-stopped
+    memory: "{{ wireshark_memory }}"
+    labels:
+      traefik.enable: "{{ wireshark_available_externally | string }}"
+      traefik.http.routers.wireshark.rule: "Host(`{{ wireshark_hostname }}.{{ ansible_nas_domain }}`)"
+      traefik.http.routers.wireshark.tls.certresolver: "letsencrypt"
+      traefik.http.routers.wireshark.tls.domains[0].main: "{{ ansible_nas_domain }}"
+      traefik.http.routers.wireshark.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+      traefik.http.services.wireshark.loadbalancer.server.port: "3000"