Hacking with TShark

Happy devSecOps

(λx.x)eranga
Effectz.AI
1 min read · Jan 28, 2020


About TShark

TShark is a network protocol analyzer. It is a terminal application capable of doing virtually anything we do with Wireshark, but without a GUI. Without any options set, TShark works much like tcpdump: it uses the pcap library to capture traffic from the first available network interface and prints a summary line on standard output for each received packet. TShark can capture packet data from a live network or read packets from a previously saved capture file, either printing a decoded form of those packets to standard output or writing the packets to a file. TShark’s native capture file format is pcapng, which is also the format used by Wireshark and various other tools. In this post I discuss various network packet analysis operations that can be performed with TShark.

Basic info

Capture packets

Capture fields

Write to file

Read from file
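The read-from-file and field-export operations covered above, as an added example that is not part of the original post: it builds the tshark invocation that reads a saved capture and exports selected fields as tab-separated columns, then post-processes that output to flag sources sending bare SYNs to many distinct host:port pairs. The capture file name, the threshold and the sample rows are assumptions (the sample is constructed, not from a real capture).

```python
"""Post-process tshark '-T fields' output to flag sources probing many host:port pairs."""
import shutil
import subprocess
from collections import defaultdict

# Wireshark display-filter field names; their order here is the column order in the export.
FIELDS = ["frame.time_epoch", "ip.src", "ip.dst", "tcp.dstport"]

def tshark_cmd(pcap, display_filter="tcp.flags.syn==1 && tcp.flags.ack==0"):
    """-r reads a saved capture, -Y applies a display filter (bare SYNs only),
    -T fields with -e picks the columns, -E separator=/t makes them tab-separated."""
    cmd = ["tshark", "-r", pcap, "-Y", display_filter, "-T", "fields", "-E", "separator=/t"]
    for field in FIELDS:
        cmd += ["-e", field]
    return cmd

def export_fields(pcap):
    """Run tshark when it is installed; returns its stdout, or "" if tshark is absent."""
    if shutil.which("tshark") is None:
        return ""
    return subprocess.run(tshark_cmd(pcap), capture_output=True, text=True, check=True).stdout

def parse_fields(text):
    """Turn the tab-separated export into dicts, dropping rows with no IP/port (non-TCP frames)."""
    rows = []
    for line in text.splitlines():
        cols = line.split("\t")
        if len(cols) != len(FIELDS):
            continue  # malformed or truncated line
        row = dict(zip(FIELDS, cols))
        if row["ip.src"] and row["ip.dst"] and row["tcp.dstport"]:
            rows.append(row)
    return rows

def probing_sources(rows, threshold=5):
    """Distinct (dst, port) pairs each source sent SYNs to; return those at or above threshold."""
    pairs = defaultdict(set)
    for row in rows:
        pairs[row["ip.src"]].add((row["ip.dst"], int(row["tcp.dstport"])))
    return {src: sorted(p) for src, p in pairs.items() if len(p) >= threshold}

# Constructed sample in the exact shape of the export above (not taken from a real capture).
SAMPLE = "\n".join([
    "1580169600.1\t10.0.0.5\t10.0.0.20\t22",
    "1580169600.2\t10.0.0.5\t10.0.0.20\t80",
    "1580169600.3\t10.0.0.5\t10.0.0.20\t443",
    "1580169600.4\t10.0.0.5\t10.0.0.21\t22",
    "1580169600.5\t10.0.0.5\t10.0.0.21\t3389",
    "1580169600.6\t10.0.0.7\t10.0.0.20\t443",
    "1580169600.7\t\t\t",  # a frame without IPv4/TCP exports empty columns
])
```

On a host with tshark installed, `probing_sources(parse_fields(export_fields("capture.pcapng")))` runs the same logic over a real capture instead of `SAMPLE`.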

