

tshark lets you capture packet data from a live network, or read packets from a previously saved capture file, either printing a decoded form of those packets to the standard output or writing the packets to a file.

Analyze packets from a file: tshark -r filename.pcap
Write captured packets to a file: tshark -w path/to/file

Dump and analyze network traffic

Examples (TL DR)

Select specific fields to output: tshark -T fields|ek|json|pdml -e -e ip.src
Specify the format of captured output: tshark -T json|text|ps|…
Decode a TCP port using a specific protocol (e.g.
Only show packets matching a specific output filter: tshark -Y ' = "GET"'
Only capture packets matching a specific capture filter: tshark -f 'udp port 53'
Monitor everything on localhost: tshark
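
An added example, not part of the original page: a shell helper that post-processes the tab-separated output of tshark -T fields to count packets and distinct DNS names per source address, which is a quick way to triage a capture. The dns display filter, the dns.qry.name field, the function names and the sample lines are assumptions made for the illustration.

```shell
# Added example: summarise `tshark -T fields` output per source address.
# Assumed input: one packet per line, "ip.src<TAB>dns.qry.name"
# (tab is tshark's default separator for -T fields).

# count_by_source: read field lines on stdin and print
# "packets<TAB>ip.src<TAB>distinct_names", busiest source first.
count_by_source() {
  awk -F'\t' '
    # Packets without an IP layer (e.g. ARP) yield an empty ip.src: skip them.
    $1 != "" {
      # When a packet carries more than one IP header, tshark prints every
      # occurrence of the field joined by commas; keep the outermost (first).
      split($1, occ, ",")
      src = occ[1]
      total[src]++
      # Count each query name once per source.
      if ($2 != "" && !seen[src SUBSEP $2]++) uniq[src]++
    }
    END {
      for (s in total) printf "%d\t%s\t%d\n", total[s], s, uniq[s]
    }
  ' | sort -t "$(printf '\t')" -k1,1nr -k2,2
}

# sample_fields: constructed sample of tshark field output (not real traffic).
sample_fields() {
  printf '10.0.0.5\texample.com\n'
  printf '10.0.0.5\texample.com\n'
  printf '10.0.0.7\texample.org\n'
  printf '10.0.0.5\texample.net\n'
  printf '\t\n'                              # non-IP packet: both fields empty
  printf '10.0.0.9,10.0.0.5\texample.com\n'  # two IP headers in one packet
}

# Against a saved capture (needs tshark; the file name is a placeholder):
#   tshark -r filename.pcap -Y dns -T fields -e ip.src -e dns.qry.name | count_by_source
sample_fields | count_by_source
```

A source with many packets but few distinct names is usually routine resolver traffic; many distinct names from one source is the pattern worth a closer look.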
