This Tshark cheat sheet is designed to briefly reference some of the most commonly used Tshark commands, along with a brief description and practical examples to illustrate their use. Whether you’re a seasoned professional looking to brush up on your command-line skills or a newcomer eager to explore the possibilities of networking through Tshark, you’ll find valuable insights and shortcuts here.
Table of Contents
Installation:
| Distribution | Command |
|---|---|
| Debian/Ubuntu | sudo apt install tshark |
| CentOS/Fedora/Red Hat | sudo yum install tshark (CentOS/Fedora)sudo dnf install tshark (Fedora 22+) |
| NixOS | nix-env -iA nixos.tshark |
Tshark Cheat Sheet Commands:
| Task | Command |
|---|---|
| Capture packets on a specific interface | tshark -i eth0 |
| Display filters while capturing | tshark -i eth0 -Y 'http.request.method == "GET"' |
| Save captured packets to a file | tshark -i eth0 -w /path/to/save/output.pcap |
| Read and analyze packets from a file | tshark -r output.pcap |
| List all available capture interfaces | tshark -D |
| Decode packets as HTTPS on a specific port | tshark -d tcp.port==443,http |
Wrapping Up
This Tshark cheat sheet has highlighted the tool’s flexibility and power for everything from simple tasks to advanced operations. Mastering Tshark can significantly boost your networking skills. Keep practising, exploring further resources, and share your findings to deepen your understanding and contribute to the community’s collective knowledge.
You May Also Be Interested In
TShark Cheat Sheet References
Official Tshark Documentation (https://www.wireshark.org/docs/man-pages/tshark.html)
