tshark is a command line interface (CLI) tool used to capture and analyze network traffic. It can be used as a substitute for Wireshark if you prefer working on a CLI screen. The complete tshark manual is available at: https://www.wireshark.org/docs/man-pages/tshark.html
This guide is for beginners who want to use some basic tshark commands. Here I list some basic commands that help you capture and analyze network traffic.
Installation on Ubuntu
#sudo apt-get install tshark
1. All tshark commands displayed on your machine
#sudo tshark -h
2. Capture network traffic with tshark by providing interface
#sudo tshark -i <interface>
3. Capture network packets and write them to a file (for example traffic-capture.pcap)
#tshark -i <interface> -w <file-name>.pcap
4. Read captured packets with tshark by providing the input pcap file
#tshark -r <file-name>.pcap
Note: No interface (-i) is needed when reading from a file; tshark reads the packets from the pcap instead of the network.
5. Capture packets and write the traffic into a .pcap file for a particular duration
#tshark -i <interface> -a duration:<time> -w <file-name>.pcap
Note: <time> is in seconds
6. Check the version of tshark
#tshark -v
7. Capture a specific number of packets
#tshark -c <number> -i <interface>
8. List all the interfaces available for capturing network traffic
#tshark -D
9. Capture only packets from a specific source or destination IP
#tshark -i <interface> -f "host <IP>"
10. Capture only network packets of a specific protocol
#tshark -i <interface> -f "<protocol>"
Note: <protocol> may be tcp, udp, dns etc. The -f option takes a capture filter (BPF syntax); it is applied while capturing and cannot be combined with -r.
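The commands above are shown one at a time; the script below is an added example (not part of the original article) that chains them into one workflow: a bounded capture with a capture filter (-f, -c, -a duration, -w), then analysis of the saved file with a display filter (-Y) and field extraction (-T fields), which the list above does not cover. It assumes tshark is installed and the user is allowed to capture on the interface; the interface and file names are placeholders, and the count_first_field helper is my own pure awk/sort summarizer.

```shell
#!/bin/sh
# Added example: capture a DNS sample, then summarise it from the saved pcap.
# Assumptions: tshark is installed; the user may capture on the interface
# (root or membership in the wireshark group); names passed in are placeholders.

# Capture at most $3 packets (default 200) or $4 seconds (default 30), whichever
# comes first, from interface $1, keeping only DNS traffic, into pcap file $2.
# -f is a capture filter in BPF syntax and only applies while capturing.
capture_dns_sample() {
    iface=$1; outfile=$2; count=${3:-200}; seconds=${4:-30}
    tshark -i "$iface" -f "udp port 53" -c "$count" -a "duration:$seconds" -w "$outfile"
}

# Print one line per DNS query in pcap $1: source IP and queried name, tab-separated.
# -Y is a display filter (Wireshark syntax) applied while reading the file.
list_dns_queries() {
    tshark -r "$1" -Y "dns.flags.response == 0" \
        -T fields -e ip.src -e dns.qry.name -E separator=/t
}

# Protocol hierarchy statistics for pcap $1; -q suppresses per-packet output.
protocol_hierarchy() {
    tshark -r "$1" -q -z io,phs
}

# Count occurrences of the first tab-separated column on stdin (for example the
# output of list_dns_queries) and print "count key", most frequent first.
# Pure awk/sort, so it also works offline on a saved field dump.
count_first_field() {
    awk -F'\t' '$1 != "" { n[$1]++ } END { for (k in n) printf "%d %s\n", n[k], k }' |
        sort -k1,1nr -k2,2
}

# Usage: sh tshark-dns-sample.sh <interface> <output.pcap>
# Nothing runs when the script is sourced or invoked without arguments.
if [ "$#" -ge 2 ]; then
    capture_dns_sample "$1" "$2"
    echo "== DNS queries per source host =="
    list_dns_queries "$2" | count_first_field
    echo "== protocol hierarchy =="
    protocol_hierarchy "$2"
fi
```

A host that suddenly tops the query count, or queries for names no one else resolves, is the kind of thing this summary surfaces; the same count_first_field helper works on any -T fields output if you change the -e field to ip.dst or dns.qry.name.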
If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!
Disclaimer: This tutorial is for educational purposes only. The individual is solely responsible for any illegal act.