MEMO Wireshark

From KuWiki

The Ethereal network protocol analyzer has changed its name to Wireshark.

Contents 1 TShark (The text mode Wireshark) 1.1 Capture 1.2 Display 2 References

TShark (The text mode Wireshark)

Capture

Capture packets from interface ppp0 which destination IP is 192.168.0.1 then write to file 00.pkt.

# tshark -n -i ppp0 -R "ip.dst == 192.168.0.1" -w 00.pkt

Display

Display the packets content from file 00.pkt in hex.

# tshark -x -r 00.pkt

References

• Wireshark official site
• tshark(1)
• wireshark(1)
• wireshark-filter(4)
• Wireshark User's Guide
• Display Filter Reference