tshark Command Examples in Linux

Tshark is a powerful packet analysis tool and a command-line interface (CLI) version of Wireshark. It is an open-source network protocol analyzer that enables users to capture, display, and analyze network packets. Tshark is designed to work on multiple platforms, including Windows, Linux, and macOS.

Tshark captures packets in real-time and provides users with the ability to analyze the contents of these packets. This tool can be used to troubleshoot network issues, monitor network traffic, and identify security vulnerabilities. Tshark supports a wide range of protocols and can decode packet formats for various protocols, including TCP/IP, UDP, HTTP, DNS, and many more.

One of the key benefits of using Tshark is its flexibility and customization. It can be used in a variety of scenarios and can be customized to suit the needs of different users. Tshark can be run from the command line, and users can specify a range of options and filters to analyze specific packets or network traffic. Tshark can also save captured packets to a file for later analysis or export to another tool for further analysis.

tshark Command Examples

1. Monitor everything on localhost:

# tshark

2. Only capture packets matching a specific capture filter:

# tshark -f 'udp port 53'

3. Only show packets matching a specific output filter:

# tshark -Y 'http.request.method == "GET"'

4. Decode a TCP port using a specific protocol (e.g. HTTP):

# tshark -d tcp.port==8888,http

5. Specify the format of captured output:

# tshark -T json|text|ps|…

6. Select specific fields to output:

# tshark -T fields|ek|json|pdml -e http.request.method -e ip.src

7. Write captured packets to a file:

# tshark -w path/to/file

8. Analyze packets from a file:

# tshark -r filename.pcap
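The following script is an added example, not part of the original page: it combines examples 3, 6 and 8 (a display filter, field selection, and reading from a file) into a small pipeline that summarizes HTTP GET requests per source address. The summarizing functions consume the tab-separated output that `tshark -T fields` produces, so they run here on a constructed sample; the capture file path and the threshold value are assumptions.

```shell
#!/bin/sh
# Added example: read a capture file, keep only GET requests, print three
# fields, and post-process them. Pass a pcap path as $1 to run against real
# data; with no argument the functions run on the constructed sample below.

# The tshark invocation: read the file (-r), keep GET requests only (-Y),
# and emit tab-separated fields (-T fields -e ...).
tshark_gets() {
  tshark -r "$1" -Y 'http.request.method == "GET"' \
         -T fields -e ip.src -e http.host -e http.request.uri
}

# Count requests per (source, host) pair; output "count source host",
# most frequent first.
summarize_gets() {
  awk -F '\t' 'NF >= 2 { c[$1 " " $2]++ }
               END { for (k in c) print c[k] " " k }' | sort -rn -k1,1 -k2
}

# Print sources whose total request count exceeds the threshold in $1
# (a crude baseline check for noisy clients, not a signature).
heavy_sources() {
  awk -F '\t' -v limit="$1" 'NF >= 1 { n[$1]++ }
      END { for (s in n) if (n[s] > limit) print s }' | sort
}

# Constructed sample of "-T fields" output (tab-separated); not real traffic.
sample_fields() {
  printf '10.0.0.5\texample.com\t/index.html\n'
  printf '10.0.0.5\texample.com\t/logo.png\n'
  printf '10.0.0.7\tupdates.example.net\t/check\n'
  printf '10.0.0.5\texample.com\t/app.js\n'
}

if [ -n "${1:-}" ]; then
  tshark_gets "$1" | summarize_gets
else
  sample_fields | summarize_gets   # first line: "3 10.0.0.5 example.com"
  sample_fields | heavy_sources 2  # prints "10.0.0.5"
fi
```

The same field list works with `-T json` or `-T ek` if the output is headed for a log pipeline instead of awk.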

Summary

Tshark is a valuable tool for network administrators, security professionals, and anyone who wants to analyze network traffic. It is highly customizable, efficient, and can analyze packets in real-time. The tool is also open-source, which means that it is free to use and can be modified by users to suit their specific needs.