tshark — Packet analysis tool, CLI version of Wireshark. More information: <https://tshark.dev/#sitemap-in-tshark---help>.

Submitted by: @import:tldr-pages

Problem

How to use the tshark command: Packet analysis tool, CLI version of Wireshark. More information: <https://tshark.dev/#sitemap-in-tshark---help>.

Solution

Monitor all traffic on the local host's default capture interface:
tshark


Only capture packets matching a specific capture filter:
tshark -f '{{udp port 53}}'


Only show packets matching a specific display (output) filter:
tshark -Y '{{http.request.method == "GET"}}'


Decode a TCP port using a specific protocol (e.g. HTTP):
tshark -d tcp.port=={{8888}},{{http}}


Specify the format of captured output:
tshark -T {{json|text|ps|...}}


Select specific fields to output:
tshark -T {{fields|ek|json|pdml}} -e {{http.request.method}} -e {{ip.src}}


Write captured packets to a file:
tshark -w {{path/to/file}}


Analyze packets from a file:
tshark -r {{path/to/file.pcap}}
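
Added example (not part of the tldr page): the `-r`, `-Y` and `-T fields -e` options above combined into a per-client DNS query summary for reviewing a saved capture. The function names, the awk summary and the sample rows are constructed for illustration; `dns.flags.response` and `dns.qry.name` are standard Wireshark DNS fields.

```shell
#!/bin/sh
# Added example: per-client DNS query summary from a saved capture.

# One tab-separated row per DNS query in the capture: source IP, queried name.
# -T fields separates columns with a tab by default.
dns_fields() {
    tshark -r "$1" -Y 'dns.flags.response == 0' \
        -T fields -e ip.src -e dns.qry.name
}

# Read those rows on stdin and print, per source IP:
# total queries, distinct names, length of the longest name.
summarize_dns() {
    awk -F '\t' '
        $1 == "" || $2 == "" { next }  # ip.src is empty for non-IPv4 packets
        {
            total[$1]++
            if (!seen[$1 SUBSEP $2]++) distinct[$1]++
            if (length($2) > longest[$1]) longest[$1] = length($2)
        }
        END {
            for (src in total)
                printf "%s\t%d\t%d\t%d\n", src, total[src], distinct[src], longest[src]
        }' | LC_ALL=C sort
}

# Constructed sample rows in the shape dns_fields produces (not real traffic).
sample_fields() {
    printf '10.0.0.5\texample.com\n'
    printf '10.0.0.5\texample.com\n'
    printf '10.0.0.5\twww.example.org\n'
    printf '\texample.com\n'
    printf '10.0.0.9\tmail.example.net\n'
}

# With a capture file as argument, summarize it; otherwise use the sample.
if [ -n "${1:-}" ]; then
    dns_fields "$1" | summarize_dns
else
    sample_fields | summarize_dns
fi
```

Sources with many distinct or unusually long query names stand out in the second and third numeric columns.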

Context

tldr-pages: linux/tshark
