Tshark


Description

This article gives information on tshark ("Terminal Shark"), the Wireshark command-line tool.


Environment

  • macOS + Linux
  • TShark 1.12.1

Syntax

tshark [ -2 ] [ -a <capture autostop condition> ] ...  [ -b <capture ring buffer option>] ...  [ -B <capture buffer size> ]  [ -c <capture packet count> ]
       [ -C <configuration profile> ] [ -d <layer type>==<selector>,<decode-as protocol> ] [ -D ] [ -e <field> ] [ -E <field print option> ] [ -f <capture filter> ]
       [ -F <file format> ] [ -g ] [ -h ] [ -H <input hosts file> ] [ -i <capture interface>|- ] [ -I ] [ -K <keytab> ] [ -l ] [ -L ] [ -n ] [ -N <name resolving flags> ]
       [ -o <preference setting> ] ...  [ -O <protocols> ] [ -p ] [ -P ] [ -q ] [ -Q ] [ -r <infile> ] [ -R <Read filter> ] [ -s <capture snaplen> ] [ -S <separator> ]
       [ -t a|ad|adoy|d|dd|e|r|u|ud|udoy ] [ -T fields|pdml|ps|psml|text ] [ -u <seconds type>] [ -v ] [ -V ] [ -w <outfile>|- ] [ -W <file format option>] [ -x ]
       [ -X <eXtension option>] [ -y <capture link type> ] [ -Y <displaY filter> ] [ -z <statistics> ] [ --capture-comment <comment> ] [ <capture filter> ]

       tshark -G [column-formats|currentprefs|decodes|defaultprefs|fields|ftypes|heuristic-decodes|plugins|protocols|values]


Display to Console

Destination IP and TCP Port

tshark -i eth0 -f 'dst 10.0.0.42 and tcp port 80'

Source IP

tshark -i eth0 -f "src 10.0.0.42"

Source IP and TCP Port

tshark -i eth0 -f "src 10.0.0.42 and tcp port 8080"

