Tshark
Description
tshark is the command-line interface (CLI) equivalent of Wireshark.
Installation
# apt-get install tshark
Usage
Options
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.
Capture filters
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.
Display filters
Syntax:
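tshark -Y 'filter' -r capture.pcap
Releases before Wireshark 1.10 used -R for this; current releases accept -R only together with -2 (two-pass analysis).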
Some common filters:
- http
- http.request
- http.response
- dns
- ip
- ip.addr==192.168.1.0/24
- ip.src
- smtp.req.command contains "RCPT"
Keywords:
- contains (ex: dns contains "windows")
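The filters listed above can be combined with `&&` and printed as selected fields instead of full packet summaries. The script below is an added example, not part of the original page: the helper names `and_filter` and `show_fields` and the file name `capture.pcap` are assumptions, and it uses `-Y`, the display-filter option in current tshark releases, with `-T fields -e`.

```shell
#!/bin/sh
# Added example: compose display filters and print chosen fields.
# Helper names and capture.pcap are placeholders, not tshark features.

# Join display-filter clauses with "&&". Each clause is parenthesised so
# an "||" inside one clause cannot change the meaning of the others.
# Empty clauses are skipped.
and_filter() {
    out=""
    for clause in "$@"; do
        [ -n "$clause" ] || continue
        if [ -z "$out" ]; then
            out="($clause)"
        else
            out="$out && ($clause)"
        fi
    done
    printf '%s' "$out"
}

# usage: show_fields FILE 'FILTER' FIELD [FIELD...]
# Prints one tab-separated line per matching packet.
show_fields() {
    pcap=$1; filter=$2; shift 2
    # Rewrite "f1 f2" into "-e f1 -e f2" without bash arrays.
    n=$#
    while [ "$n" -gt 0 ]; do
        set -- "$@" -e "$1"
        shift
        n=$((n - 1))
    done
    # The filter is passed as ONE quoted argument, so inner double
    # quotes such as contains "RCPT" reach tshark intact.
    tshark -r "$pcap" -Y "$filter" -T fields "$@"
}

# Runs only when tshark and the capture file are both present.
if command -v tshark >/dev/null 2>&1 && [ -r capture.pcap ]; then
    # HTTP requests involving the 192.168.1.0/24 network
    show_fields capture.pcap \
        "$(and_filter 'ip.addr==192.168.1.0/24' 'http.request')" \
        ip.src http.host http.request.uri
    # SMTP recipients seen in the capture
    show_fields capture.pcap \
        "$(and_filter 'smtp.req.command contains "RCPT"')" \
        ip.src smtp.req.parameter
fi
```

Wrapping each filter in single quotes at the call site keeps the shell from interpreting `&&`, `==` and the inner double quotes before tshark sees them.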
Online resources
- http://www.wireshark.org/docs/dfref/: Tshark filters are the same as Wireshark filters. The complete list by protocol is available online
- http://www.codealias.info/technotes/the_tshark_capture_and_filter_example_page