📦 Tshark & Filtering Basics

Tshark Overview

Tshark is a command-line tool used for network packet analysis. It helps you capture, inspect, and analyze network traffic in a readable format. Tshark can provide insights into network behavior, identify issues, and troubleshoot problems. By capturing and decoding packets, it allows you to see details like source and destination addresses, protocols used, and even application data. It's like a detective tool for understanding what's happening on a computer network.

Tshark Commands

General Commands

  • List available capture interfaces:

    tshark -D
  • Capture packets on a specific interface (e.g., eth0):

    tshark -i eth0
  • Read and analyze packets from a saved pcap file:

    tshark -r <file_path.pcap>

Advanced Analysis

  • Read packets from a pcap file and print only the protocol hierarchy statistics (-q suppresses the per-packet output):

    tshark -r <file_path.pcap> -z io,phs -q
  • Read packets from a pcap file and filter based on a display filter:

    tshark -r <file_path.pcap> -Y "http.request"
  • Read packets from a pcap file and filter for HTTP GET requests with timestamp, source IP, and full URI:

    tshark -r <file_path.pcap> -Y 'http.request.method==GET' -T fields -e frame.time -e ip.src -e http.request.full_uri
  • Read packets from a pcap file and filter for HTTP packets (requests or responses) whose bytes contain the string "password" (case-sensitive match):

    tshark -r <file_path.pcap> -Y 'http contains "password"'
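  The field-extraction and "password" filters above are most useful when their output is post-processed. The following is an added example (not part of the original cheat sheet) that parses the tab-separated `-T fields` output of the GET-request command and flags URIs carrying credential-like query parameters over plaintext HTTP; the sample lines and the SENSITIVE_PARAMS list are constructed for the example.

```python
# Added example: post-process the tab-separated output of
#   tshark -r file.pcap -Y 'http.request.method==GET' -T fields \
#          -e frame.time -e ip.src -e http.request.full_uri
# to spot credentials leaking in plaintext HTTP query strings.
# The sample lines below are constructed, not real capture output.
from urllib.parse import urlsplit, parse_qsl

SAMPLE_TSHARK_OUTPUT = """\
Jan  5, 2024 10:02:11.123456000 UTC\t192.168.1.10\thttp://intranet.example/login?user=alice&password=hunter2
Jan  5, 2024 10:02:12.000000000 UTC\t192.168.1.10\thttp://intranet.example/static/app.css
Jan  5, 2024 10:02:13.500000000 UTC\t192.168.1.22\thttp://example.org/api?token=abc123&q=report
"""

# Query-string parameter names that should never travel in a plaintext URL (assumed list).
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "pass", "token", "secret"}


def parse_tshark_fields(text):
    """Parse '-T fields' output (tab-separated, one packet per line) into dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        # A field absent from a packet is emitted as an empty string; pad so indexing is safe.
        parts += [""] * (3 - len(parts))
        records.append({"time": parts[0], "src": parts[1], "uri": parts[2]})
    return records


def find_plaintext_credentials(records):
    """Return (src, uri, [sensitive param names]) for each URI exposing a secret."""
    findings = []
    for rec in records:
        query = urlsplit(rec["uri"]).query
        hits = sorted({k.lower() for k, _ in parse_qsl(query, keep_blank_values=True)
                       if k.lower() in SENSITIVE_PARAMS})
        if hits:
            findings.append((rec["src"], rec["uri"], hits))
    return findings


if __name__ == "__main__":
    for src, uri, params in find_plaintext_credentials(parse_tshark_fields(SAMPLE_TSHARK_OUTPUT)):
        print(f"{src} sent {', '.join(params)} in the clear: {uri}")
```

  Pipe the real tshark command into the script's stdin (or read the file it wrote) in place of SAMPLE_TSHARK_OUTPUT to run it against an actual capture.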

Capture Options

  • Capture packets on a specific interface with a packet count limit:

    tshark -i eth0 -c 100
  • Capture packets and save to a file in pcap format:

    tshark -i wlan0 -w capture.pcap

Display Options

  • Display packet details in real-time with human-readable output:

    tshark -i enp0s25 -V
  • Print the unique source/destination IP address pairs seen in a pcap file:

    tshark -r capture.pcap -T fields -e ip.src -e ip.dst | sort -u
  • Filter and display packets between a specific source and destination IP address:

    tshark -r <file_path.pcap> -Y 'ip.src==<IP> && ip.dst==<IP>'

Hacker's Mantra: I'm still a hacker. I get paid for it now. I never received any monetary gain from the hacking I did before. The main difference in what I do now compared to what I did then is that I now do it with authorization. - Kevin Mitnick
