tshark Dump and analyze network traffic

tshark - Dump and analyze network traffic

TShark is a network protocol analyzer. It lets you capture packet data from a live network, or read packets from a previously saved capture file, either printing a decoded form of those packets to the standard output or writing the packets to a file. TShark’s native capture file format is libpcap format, which is also the format used by tcpdump and various other tools.

Without any options set, TShark will work much like tcpdump. It will use the pcap library to capture traffic from the first available network interface and displays a summary line on stdout for each received packet.

Example :

# tshark -n -i ppp0 port 80
Running as user “root” and group “root”. This could be dangerous.
Capturing on ppp0

-n Disable network object name resolution (such as hostname, TCP and UDP port names), the -N flag might override this one.

-i [capture interface]

Tags: , , , ,

Trackback URI | Comments RSS

Leave a Reply

You must be logged in to post a comment.