tshark — Packet analysis tool, CLI version of Wireshark. More information: <https://tshark.dev/#sitemap-in-ts
Problem
How to use the tshark command: Packet analysis tool, CLI version of Wireshark. More information: <https://tshark.dev/#sitemap-in-tshark---help>.

Solution
Monitor everything on localhost:
tshark

Only capture packets matching a specific capture filter:
tshark -f '{{udp port 53}}'

Only show packets matching a specific output filter:
tshark -Y '{{http.request.method == "GET"}}'

Decode a TCP port using a specific protocol (e.g. HTTP):
tshark -d tcp.port=={{8888}},{{http}}

Specify the format of captured output:
tshark -T {{json|text|ps|...}}

Select specific fields to output:
tshark -T {{fields|ek|json|pdml}} -e {{http.request.method}} -e {{ip.src}}

Write captured packet to a file:
tshark -w {{path/to/file}}

Analyze packets from a file:
tshark -r {{path/to/file.pcap}}

Context
tldr-pages: linux/tshark
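
The -r, -Y, -T fields and -e options listed above combine into a quick triage pipeline: extract the request method and source address per packet, then count them. The script below is an added example, not part of the tldr page; the function names and the sample rows are constructed for illustration, and it assumes the default tab-separated layout of -T fields output.

```bash
#!/usr/bin/env bash
# Added example: summarize HTTP request methods per source IP from
# `tshark -T fields` output (tab-separated, one packet per line).

# Hypothetical helper: read a capture file and emit "method<TAB>source IP"
# rows using only the options listed on this page. Requires tshark, so it
# is defined here but not called below.
http_fields_from_pcap() {
  tshark -r "$1" -Y 'http.request.method' \
    -T fields -e http.request.method -e ip.src
}

# Count rows per (source IP, method). Rows with an empty field are skipped
# (for example, packets that carry no IPv4 source address).
# Output: "count<TAB>ip<TAB>method", highest count first.
summarize_http_fields() {
  awk -F '\t' '
    NF >= 2 && $1 != "" && $2 != "" { n[$2 "\t" $1]++ }
    END { for (k in n) printf "%d\t%s\n", n[k], k }
  ' | LC_ALL=C sort -t "$(printf '\t')" -k1,1nr -k2,2 -k3,3
}

# Constructed sample rows (not from a real capture), in the same format
# that http_fields_from_pcap would produce.
sample_rows() {
  printf 'GET\t192.0.2.10\n'
  printf 'GET\t192.0.2.10\n'
  printf 'POST\t192.0.2.10\n'
  printf 'GET\t198.51.100.7\n'
  printf '\t198.51.100.7\n'
  printf 'PUT\t198.51.100.7\n'
  printf 'GET\t192.0.2.10\n'
}

sample_rows | summarize_http_fields
```

On a real capture, replace the last line with http_fields_from_pcap {{path/to/file.pcap}} | summarize_http_fields.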