by Ciro Santilli (@cirosantilli, 37)
Amazing tool that captures packets and disassembles them. Allows you to click an interactive tree that represents Ethernet, TCP/IP and application layer like HTTP.
Start capture immediately from CLI, capture packets to/from 192.168.1.102:
sudo wireshark -f 'host 192.168.1.102' -k
Capture by instead:
sudo wireshark -f http -k
sudo wireshark -f icmp -k
Filter by both protocol and host:
sudo wireshark -f 'host 192.168.1.102 and icmp' -k
For application layer capture filtering, the best you can do is by port:
sudo wireshark -f 'tcp port 80'
There is an http filter but only for as a wireshark display filter
Sample usage:
sudo tshark -f 'host 192.168.1.102
This produces simple one liners for each request.
What you likely want is the -V option which fully disassembles each frame much as you can do in the GUI Wireshark:
sudo tshark -V -f 'host 192.168.1.102

Ancestors (7)

  1. Computer network software
  2. Computer network
  3. Computer
  4. Information technology
  5. Area of technology
  6. Technology
  7. Home

Incoming links (3)

View article source

Discussion (0)

+ New discussion

There are no discussions about this article yet.

Articles by others on the same topic (1)

Wireshark by Wikipedia Bot 0 1970-01-01
View more
Wireshark is a widely-used open-source network protocol analyzer that allows users to capture and interactively browse the traffic running on a computer network. It provides a rich set of features for analyzing different types of network protocols, making it an essential tool for network administrators, cybersecurity professionals, and developers.
Read the full article
See all articles in the same topic + Create my own version