commands.sh

tshark

linux

Packet analysis tool, CLI version of Wireshark.

More info →

Examples (8)

Monitor everything on localhost

tshark

Only capture packets matching a specific capture filter

tshark -f 'udp port 53'

Only show packets matching a specific output filter

tshark -Y 'http.request.method == "GET"'

Decode a TCP port using a specific protocol (e.g. HTTP)

tshark -d tcp.port==8888,http

Specify the format of captured output

tshark -T json|text|ps|...

Select specific fields to output

tshark -T fields|ek|json|pdml -e http.request.method -e ip.src

Write captured packet to a file

tshark -w path/to/file

Analyze packets from a file

tshark -r path/to/file.pcap
made by @shridhargupta | data from tldr-pages