Wireshark Essentials


Capturing traffic with Tshark


Tshark can be used to capture network packets and/or display data from the capture or a previously saved packet trace file; packets can be displayed on the screen or saved to a new trace file.

The same syntax used to perform a basic capture using Dumpcap will work with Tshark as well, so we won't repeat that here. However, Tshark offers a very wide range of additional features, with a correspondingly large number of command-line options that can, as in all Wireshark utilities, be viewed by typing tshark -h at the command prompt.

A number of Tshark options are used to view statistics; an example of the command syntax and statistical results from a capture (after pressing Ctrl + C to end the capture) is illustrated in the following screenshot:

You will find an extensive number of details and examples on using statistics and other Tshark options at https://www.wireshark.org/docs/man-pages/tshark.html.
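
A statistics run of the kind described above, written out as an added example that is not from the book: it wraps Tshark's `-q` and `-z` options for either a timed live capture or a previously saved trace file. The function name `tshark_stats`, the `TSHARK` override variable and the choice of the three `-z` reports are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the book. tshark_stats and TSHARK are names made up here.
# TSHARK can be overridden to inspect the command line without capturing.
TSHARK=${TSHARK:-tshark}

# tshark_stats live <interface> [seconds]   capture for a fixed time, then report
# tshark_stats file <trace-file>            report on a previously saved trace
tshark_stats() {
    mode=$1; target=$2; secs=${3:-30}
    if [ -z "$target" ]; then
        echo "usage: tshark_stats live <interface> [seconds] | file <trace-file>" >&2
        return 2
    fi
    case $mode in
        live)
            # Reject non-numeric durations before they reach -a duration:N
            case $secs in
                ''|*[!0-9]*) echo "duration must be whole seconds: $secs" >&2; return 2 ;;
            esac
            # -a duration:N stops the capture on its own, so no Ctrl + C is needed
            set -- -i "$target" -a "duration:$secs"
            ;;
        file)
            [ -r "$target" ] || { echo "cannot read trace file: $target" >&2; return 2; }
            set -- -r "$target"
            ;;
        *)
            echo "mode must be 'live' or 'file'" >&2
            return 2
            ;;
    esac
    # -q suppresses the per-packet lines so only the -z reports are printed:
    #   io,phs        protocol hierarchy (which protocols, how many frames and bytes)
    #   conv,ip       IPv4 conversations (who talked to whom)
    #   endpoints,ip  per-host totals
    "$TSHARK" "$@" -q -z io,phs -z conv,ip -z endpoints,ip
}

# Run directly: sh tshark_stats.sh live eth0 60   or   sh tshark_stats.sh file trace.pcapng
if [ "$#" -gt 0 ]; then
    tshark_stats "$@"
fi
```

The protocol hierarchy report is a quick first check for protocols that should not be present on a segment; the conversation and endpoint reports then show which hosts account for them.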