Hacking with TShark
Happy devSecOps
About TShark
TShark is a network protocol analyzer. It is a terminal application capable of doing virtually anything we do with Wireshark, but without a GUI. Without any options set, TShark works much like tcpdump: it uses the pcap library to capture traffic from the first available network interface and displays a summary line on the standard output for each received packet. TShark can capture packet data from a live network, or read packets from a previously saved capture file, either printing a decoded form of those packets to the standard output or writing the packets to a file. TShark's native capture file format is pcapng, which is also the format used by Wireshark and various other tools. In this post I will discuss various network packet analysis operations that can be performed with TShark.
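As an added example (not code from the original post), a shell workflow covering the capture, field extraction, write-to-file and read-from-file operations listed below, from a defender's point of view: keep only DNS traffic in a pcapng ring buffer, then extract and rank queried names. It assumes tshark is installed; the interface name eth0, the output path and the sample field lines are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes tshark is on PATH;
# IFACE and OUT are placeholders to adjust for your environment.
set -eu

IFACE="${IFACE:-eth0}"              # assumption: capture interface
OUT="${OUT:-/tmp/dns-capture.pcapng}"

# Capture packets / write to file: like tcpdump with no options, but here we
# apply a BPF capture filter (-f) so only DNS is kept, and write a pcapng ring
# buffer of 5 files x 50 MB (-b filesize is in kB) instead of a single file.
capture_dns() {
    tshark -i "$IFACE" -f "udp port 53" -b filesize:51200 -b files:5 -w "$OUT"
}

# Read from file / capture fields: one tab-separated line per DNS query
# (timestamp, source IP, queried name). -Y is a display filter applied after
# decoding, -T fields selects column output and each -e names one field.
dns_queries_from_file() {
    tshark -r "$1" -Y "dns.flags.response == 0" -T fields \
        -e frame.time_epoch -e ip.src -e dns.qry.name -E separator=/t
}

# Rank queried names from the tab-separated output above so that unusual or
# high-volume lookups stand out. Reads stdin; prints "count name", highest first.
rank_query_names() {
    awk -F '\t' '$3 != "" { c[$3]++ } END { for (n in c) print c[n], n }' | sort -rn
}

# Constructed sample of what dns_queries_from_file prints, for offline use.
sample_fields() {
    printf '1700000000.1\t10.0.0.5\texample.com\n'
    printf '1700000001.2\t10.0.0.5\texample.com\n'
    printf '1700000002.3\t10.0.0.7\tupdates.example.net\n'
}

# Most frequently queried name in the sample: "2 example.com".
top_query_name() {
    sample_fields | rank_query_names | head -n 1
}

# Run against a real capture only when asked and when tshark is available.
if [ "${1:-}" = "run" ] && command -v tshark >/dev/null 2>&1; then
    dns_queries_from_file "$OUT" | rank_query_names | head
fi
```

Invoke as `sh script.sh run` after `capture_dns` has produced a capture; the ranking step works on any `-T fields` output whose third column is `dns.qry.name`.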
Basic info
Capture packets
Capture fields
Write to file
Read from file