2019-02-07 14:27:17 +00:00
|
|
|
# tshark
|
|
|
|
|
|
2021-05-20 21:13:41 +01:00
|
|
|
> Packet analysis tool, CLI version of Wireshark.
|
2021-06-28 23:48:24 +01:00
|
|
|
> More information: <https://tshark.dev/>.
|
2019-02-07 14:27:17 +00:00
|
|
|
|
|
|
|
|
- Monitor everything on localhost:
|
|
|
|
|
|
|
|
|
|
`tshark`
|
|
|
|
|
|
2019-09-18 16:09:38 +01:00
|
|
|
- Only capture packets matching a specific capture filter:
|
|
|
|
|
|
|
|
|
|
`tshark -f '{{udp port 53}}'`
|
|
|
|
|
|
|
|
|
|
- Only show packets matching a specific output filter:
|
2019-02-07 14:27:17 +00:00
|
|
|
|
|
|
|
|
`tshark -Y '{{http.request.method == "GET"}}'`
|
|
|
|
|
|
|
|
|
|
- Decode a TCP port using a specific protocol (e.g. HTTP):
|
|
|
|
|
|
|
|
|
|
`tshark -d tcp.port=={{8888}},{{http}}`
|
|
|
|
|
|
|
|
|
|
- Specify the format of captured output:
|
|
|
|
|
|
|
|
|
|
`tshark -T {{json|text|ps|…}}`
|
|
|
|
|
|
|
|
|
|
- Select specific fields to output:
|
|
|
|
|
|
|
|
|
|
`tshark -T {{fields|ek|json|pdml}} -e {{http.request.method}} -e {{ip.src}}`
|
|
|
|
|
|
|
|
|
|
- Write captured packet to a file:
|
|
|
|
|
|
|
|
|
|
`tshark -w {{path/to/file}}`
|
|
|
|
|
|
|
|
|
|
- Analyze packets from a file:
|
|
|
|
|
|
2020-05-22 13:31:24 +01:00
|
|
|
`tshark -r {{filename}}.pcap`
|
