Amazing tool that captures packets and disassembles them. Allows you to click an interactive tree that represents Ethernet, TCP/IP and application layer like HTTP.
Start capture immediately from CLI, capture packets to/from 192.168.1.102:
sudo wireshark -f 'host 192.168.1.102' -k
Capture by instead:
sudo wireshark -f http -k
sudo wireshark -f icmp -k
Filter by both protocol and host:
sudo wireshark -f 'host 192.168.1.102 and icmp' -k
For application layer capture filtering, the best you can do is by port:There is an
sudo wireshark -f 'tcp port 80'
http
filter but only for as a wireshark display filterSample usage:This produces simple one liners for each request.
sudo tshark -f 'host 192.168.1.102