TShark lets you capture packet data from a live network, or read packets from a previously saved capture file, either printing a decoded form of those packets to the standard output or writing the packets to a file. TShark's native capture file format is pcapng, which is also the format used by Wireshark and various other tools. Without any options set, TShark will work much like tcpdump.

Dump and analyze network traffic. Examples (TL;DR):

Monitor everything on localhost: tshark
Only capture packets matching a specific capture filter: tshark -f 'udp port 53'
Only show packets matching a specific output filter: tshark -Y ' = "GET"'
Decode a TCP port using a specific protocol (e.g.
Specify the format of captured output: tshark -T json|text|ps|…
Select specific fields to output: tshark -T fields|ek|json|pdml -e -e ip.src
Write captured packets to a file: tshark -w path/to/file
Analyze packets from a file: tshark -r path/to/file.pcap
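The field output above is most useful when it is piped into a summary. The following is an added example, not taken from the original page or from the Wireshark project: it reads tab-separated "ip.src, dns.qry.name" rows, as produced by -T fields, and reports per client the query count, the number of distinct names and the longest name seen. The function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-client DNS query summary from `tshark -T fields` output.

# Extract source address and queried name from a capture file.
# -n disables name resolution; the display filter keeps queries only.
# -T fields separates columns with a tab by default.
dns_fields() {
    tshark -r "$1" -n -Y 'dns.flags.response == 0' \
        -T fields -e ip.src -e dns.qry.name
}

# Read "src<TAB>name" rows on stdin and print, per source:
#   src<TAB>total queries<TAB>distinct names<TAB>longest name length
# Many distinct or very long names from one client are worth a closer look.
summarize_dns() {
    awk -F '\t' '
        NF < 2 || $1 == "" || $2 == "" { next }  # ip.src is empty for IPv6 rows
        {
            total[$1]++
            if (!seen[$1 SUBSEP $2]++) uniq[$1]++
            if (length($2) > maxlen[$1]) maxlen[$1] = length($2)
        }
        END {
            for (s in total)
                printf "%s\t%d\t%d\t%d\n", s, total[s], uniq[s], maxlen[s]
        }' | sort
}

# Constructed sample rows, in the shape dns_fields would emit.
sample_rows() {
    printf '10.0.0.5\texample.com\n'
    printf '10.0.0.5\texample.com\n'
    printf '10.0.0.5\twww.example.org\n'
    printf '10.0.0.9\ta1b2c3d4e5f6.tunnel.example.net\n'
    printf '\tipv6-only.example\n'
}

# With a capture file argument and tshark installed, summarize the file;
# otherwise run on the constructed sample so the script works offline.
if [ -n "${1:-}" ] && command -v tshark >/dev/null 2>&1; then
    dns_fields "$1" | summarize_dns
else
    sample_rows | summarize_dns
fi
```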