Amazing tool that captures packets and disassembles them. Allows you to click an interactive tree that represents Ethernet, TCP/IP and application layer like HTTP.
Start capture immediately from CLI, capture packets to/from 192.168.1.102:
sudo wireshark -f 'host 192.168.1.102' -k
Capture by instead:
sudo wireshark -f http -k
sudo wireshark -f icmp -k
Filter by both protocol and host:
sudo wireshark -f 'host 192.168.1.102 and icmp' -k
For application layer capture filtering, the best you can do is by port:There is an
sudo wireshark -f 'tcp port 80'
http
filter but only for as a wireshark display filterSample usage:This produces simple one liners for each request.
sudo tshark -f 'host 192.168.1.102
Articles by others on the same topic
Wireshark is a widely-used open-source network protocol analyzer that allows users to capture and interactively browse the traffic running on a computer network. It provides a rich set of features for analyzing different types of network protocols, making it an essential tool for network administrators, cybersecurity professionals, and developers.