mirror of
https://github.com/tldr-pages/tldr.git
synced 2025-08-16 12:15:49 +02:00
8ebd171d6f
Co-authored-by: marchersimon <50295997+marchersimon@users.noreply.github.com> Co-authored-by: Seth Falco <seth@falco.fun> Co-authored-by: Patrice Denis <patricedenis@users.noreply.github.com>
35 lines
722 B
Markdown
35 lines
722 B
Markdown
# tshark
|
|
|
|
> Packet analysis tool, CLI version of Wireshark.
|
|
|
|
- Monitor everything on localhost:
|
|
|
|
`tshark`
|
|
|
|
- Only capture packets matching a specific capture filter:
|
|
|
|
`tshark -f '{{udp port 53}}'`
|
|
|
|
- Only show packets matching a specific output filter:
|
|
|
|
`tshark -Y '{{http.request.method == "GET"}}'`
|
|
|
|
- Decode a TCP port using a specific protocol (e.g. HTTP):
|
|
|
|
`tshark -d tcp.port=={{8888}},{{http}}`
|
|
|
|
- Specify the format of captured output:
|
|
|
|
`tshark -T {{json|text|ps|…}}`
|
|
|
|
- Select specific fields to output:
|
|
|
|
`tshark -T {{fields|ek|json|pdml}} -e {{http.request.method}} -e {{ip.src}}`
|
|
|
|
- Write captured packet to a file:
|
|
|
|
`tshark -w {{path/to/file}}`
|
|
|
|
- Analyze packets from a file:
|
|
|
|
`tshark -r {{filename}}.pcap`
|