tshark

Packet analysis tool, CLI version of Wireshark. More information: https://tshark.dev/.

  • Monitor everything on localhost:

tshark

  • Only capture packets matching a specific capture filter:

tshark -f 'udp port 53'

  • Only show packets matching a specific output filter:

tshark -Y 'http.request.method == "GET"'

  • Decode a TCP port using a specific protocol (e.g. HTTP):

tshark -d tcp.port==8888,http

  • Specify the format of captured output:

tshark -T json|text|ps|…

  • Select specific fields to output:

tshark -T fields|ek|json|pdml -e http.request.method -e ip.src

  • Write captured packet to a file:

tshark -w path/to/file

  • Analyze packets from a file:

tshark -r path/to/file.pcap

தமிழ் version
Report New Issue View Source