tshark
Packet analysis tool, CLI version of Wireshark. More information: <https://tshark.dev/>.
Install
- All systems
  curl cmd.cat/tshark.sh
- Debian
  apt-get install tshark
- Ubuntu
  apt-get install tshark
- Alpine
  apk add tshark
- Arch Linux
  pacman -S tshark
- Kali Linux
  apt-get install tshark
- CentOS
  yum install tshark
- Fedora
  dnf install wireshark-cli
- Windows (WSL2)
  sudo apt-get update
  sudo apt-get install tshark
- Raspbian
  apt-get install tshark
- Dockerfile
  dockerfile.run/tshark
- Docker
  docker run cmd.cat/tshark tshark
- Monitor all traffic on the local machine (captures on the default interface):
  tshark
- Only capture packets matching a specific capture filter:
  tshark -f 'udp port 53'
- Only show packets matching a specific display filter:
  tshark -Y 'http.request.method == "GET"'
- Decode traffic on a TCP port as a specific protocol (e.g. HTTP):
  tshark -d tcp.port==8888,http
- Specify the format of captured output:
  tshark -T json|text|ps|…
- Select specific fields to output:
  tshark -T fields|ek|json|pdml -e http.request.method -e ip.src
- Write captured packets to a file:
  tshark -w path/to/file
- Analyze packets from a file:
  tshark -r path/to/file.pcap
© tl;dr; authors and contributors