TSHARK

TShark is considered a CLI version of Wireshark and shares the same display filters. it is often preferred over Wireshark when handling large packet captures (PCAPs) over a gigabyte in size. it has several advantages over Wireshark including processing packets in a streaming fashion to reduce memory usage, integration with scripts for automation, operates faster without GUI overhead, and allows on-the-fly packet filtering to improve efficiency.

COMMON PARAMETERS

VERSION INFO

root@dco:~$ tshark -v                           
 TShark (Wireshark) 3 (Git v3. packaged as 3.)

 Copyright 1998-2020 Gerald Combs and contributors. License GPLv2+: GNU GPL version 2 or later.
 This is free software; see the source for copying conditions.

COLORIZED OUTPUT

this help analysts speed up analysis and spot anomalies quickly by using Wireshark-style packet highlighting

root@dco:~$ tshark --color

PreviousCREATING FW RULES NextSNIFFING TRAFFIC

Last updated 9 months ago