Monday, July 21, 2014

How to capture and display packets with tshark

1)
Install tshark
#sudo apt-get install tshark

2)
Get all network traffic going through the interface "eth1"

#sudo tshark -i eth1

3)
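Get only the HTTP requests going through the interface "eth1" (-Y applies a display filter during live capture; -R on its own is deprecated and only works as a read filter together with -2)

#sudo tshark -i eth1 -Y "http"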

http://www.codealias.info/technotes/the_tshark_capture_and_filter_example_page

4)
Exclude SSH port or SSH packets
#sudo tshark -i eth1 -f "not port 22"
OR
#sudo tshark -i eth1 -f "not tcp port 22"

5)
Capture only ICMP (Ping) protocol Packets
#sudo tshark -i eth1 icmp
OR
#sudo tshark -i eth0 -f "icmp"

6)
Capture only TCP protocol packets
#sudo tshark -i eth1 tcp
OR
#sudo tshark -i eth0 -f "tcp"

7)
Capture only SSH packets
#sudo tshark -i eth0 -f "tcp port 22"

8)
Capture only HTTP packets
#sudo tshark -i eth0 -f "tcp port 80"

9)
Capture only ARP packets
#sudo tshark -i eth0 -f "arp"

10)
Capture both ICMP and ARP packets
#sudo tshark -i br-tap2 -f "icmp or arp"

11)
Capture all UDP Packets
#sudo tshark -f "udp" -i eth0
OR
#With details
#sudo tshark -V -f "udp" -i eth0

12)
Capture all UDP packets going to or coming from port 53
#sudo tshark -f "udp port 53" -i eth0
OR
#With details
#sudo tshark -V -f "udp port 53" -i eth0

13)
Print a list of the interfaces on which TShark can capture
#sudo tshark -D
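
An added example, not part of the original post: post-processing the DNS capture from step 12 into a per-host query count. It assumes tshark is run with `-T fields -e ip.src -e dns.qry.name`, which prints one tab-separated line per packet; the function names `dns_top_talkers` and `sample_capture` are hypothetical and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: summarise DNS queries captured with the step 12 filter.
# Live input would come from (requires tshark and capture privileges):
#   sudo tshark -i eth0 -f "udp port 53" -Y "dns.flags.response == 0" \
#        -T fields -e ip.src -e dns.qry.name -c 100
# -f is the capture (BPF) filter, -Y the display filter, -c the packet limit.
# Each DNS query is printed as "<source IP><TAB><query name>".

# dns_top_talkers: read "src<TAB>qname" lines on stdin and print
# "count src qname", highest count first. Lines with an empty field are
# skipped (for example IPv6 packets, which have no ip.src value).
dns_top_talkers() {
    awk -F '\t' '
        NF >= 2 && $1 != "" && $2 != "" { seen[$1 "\t" $2]++ }
        END {
            for (k in seen) {
                split(k, f, "\t")
                printf "%d %s %s\n", seen[k], f[1], f[2]
            }
        }' | sort -k1,1nr -k2,2 -k3,3
}

# Constructed sample of tshark field output (not a real capture).
sample_capture() {
    printf '192.0.2.10\texample.com\n'
    printf '192.0.2.10\texample.com\n'
    printf '192.0.2.11\tmail.example.org\n'
    printf '\torphan.example.net\n'
    printf '192.0.2.10\texample.com\n'
}

# Run the summary over the constructed sample.
sample_capture | dns_top_talkers
```

To use it on live traffic, pipe the tshark command shown in the comment into `dns_top_talkers` instead of `sample_capture`.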





1 comment:

  1. http://www.codealias.info/technotes/the_tshark_capture_and_filter_example_page
