tshark

# -i: interface (default: eth0)
tshark -i tun0
# --list-interface: List interfaces available
tshark --list-interfaces

# -r: Use a captured file
tshark -r example.pcapng

# Number of packets
tshark -r example.pcapng | wc -l

# Hex dump
tshark -r example.pcapng --hexdump all

Filtering

We can filter packets using -Y option.

Protocols

# HTTP
tshark -Y 'http'

# ICMP
tshark -Y 'icmp'

# TCP/UDP
tshark -Y 'tcp'
tshark -Y 'udp'

IP Address

tshark -Y 'ip.addr == 127.0.0.1'

# Source address
tshark -Y 'ip.src == 127.0.0.1'

# Destination address
tshark -Y 'ip.dst == 127.0.0.1'

Dump Transferred Data

tshark -r example.pcapng -T fields -e data -Y "ip.src == 10.0.0.2 and ip.dst == 10.0.0.3" > data.txt

Protocol

Port Forwarding

WiFi

Attack

Tool

VPN

Others

Tshark Cheat Sheet

Basic Capture

Filtering

Protocols

IP Address

Dump Transferred Data

ON THIS PAGE