Difference between revisions of "Tshark"

tshark -i eth0 -f "host 10.x.x.x and tcp port 80 or port 8080" -Y "http.request || http.response"
sudo tshark -i ens160 -f "proto 47" -d ip.proto==47,gre -q -z sip,stat

tshark -r ../rpcap/trace00 tcp.port==3000
tshark -r ../rpcap/trace00 ip.proto==47
tshark -V -i eth0 -f "host 10.x.x.x" -d tcp.port==162,snmp | grep -i msgAuthoritativeEngineID
sudo tcpdump -nnpi ens160 proto 47
sudo tshark -i ens160 -f "proto 47"


tshark -r ../rpcap/trace00 -T fields -e data
tshark -V -r ../rpcap/trace00 -d tcp.port==3000,sip

editcap -C 38 pcap.pcap pcap_edited.pcap

tshark -V -r ../rpcap/trace00 -d ip.proto==47,gre | grep -i sip
tshark -V -r ../rpcap/trace00 -d ip.proto==47,gre -d tcp.port==3000,sip | grep INVITE
tshark -r ../rpcap/trace00 -d ip.proto==47,gre -q -z sip,stat

• https://www.linuxjournal.com/content/using-tshark-watch-and-inspect-network-traffic
• https://linux.die.net/man/1/tshark