by Ciro Santilli (@cirosantilli, 32)
Amazing tool that captures packets and disassembles them. Allows you to click an interactive tree that represents Ethernet, TCP/IP and application layer like HTTP.
Start capture immediately from CLI, capture packets to/from 192.168.1.102: 
sudo wireshark -f 'host 192.168.1.102' -k
Capture by instead: 
sudo wireshark -f http -k
sudo wireshark -f icmp -k
Filter by both protocol and host: 
sudo wireshark -f 'host 192.168.1.102 and icmp' -k
For application layer capture filtering, the best you can do is by port: 
sudo wireshark -f 'tcp port 80'
There is an http filter but only for as a wireshark display filter
Sample usage: 
sudo tshark -f 'host 192.168.1.102
This produces simple one liners for each request.
What you likely want is the -V option which fully disassembles each frame much as you can do in the GUI Wireshark: 
sudo tshark -V -f 'host 192.168.1.102

Ancestors

  1. Computer network software
  2. Computer network
  3. Computer
  4. Information technology
  5. Area of technology
  6. Technology
  7. Index

Incoming links

Discussion (0)

Sign up or sign in create discussions.

There are no discussions about this article yet.

View article source