SNIFFING TRAFFIC

Use single quotes around capture filters to avoid problems with spaces and bash expansion.

CAPTURE TRAFFIC

#step 1: list available interfaces
root@dco:~$ sudo tshark -D
 1. ens5
 2. lo (Loopback)
 3. any
 4. bluetooth-monitor
 5. nflog

 * TShark requires superuser privileges to sniff live traffic and list all available interfaces. 
 
#step 2: sniff traffic
root@dco:~$ sudo tshark

 * not specifying the sniffing interface is similar to using the cmd...
    sudo tshark -i 1
     - 1 specifies the first available interface on the system

CAPTURE & WRITE TRAFFIC TO FILE

#step 1: list available interfaces
root@dco:~$ sudo tshark -D
 1. ens5
 2. lo (Loopback)
 3. any
 4. bluetooth-monitor
 5. nflog

 * TShark requires superuser privileges to sniff live traffic and list all available interfaces. 
 
#step 2: sniff traffic 
root@dco:~$ sudo tshark -w fullPacketCapture.pcapng

 * not specifying the sniffing interface is similar to using the cmd...
    sudo tshark -i 1
     - 1 specifies the first available interface on the system

CAPTURE & WRITE W/ CONDITIONS

#sniff the traffic, stop after 2 seconds, and save the dump into 5 files, each 5kb.

#step 1: list available interfaces
root@dco:~$ sudo tshark -D
 1. ens5
 2. lo (Loopback)
 3. any
 4. bluetooth-monitor
 5. nflog

 * TShark requires superuser privileges to sniff live traffic and list all available interfaces. 
 
#step 2: sniff traffic
root@dco:~$ sudo tshark -w autostop-demo.pcap -a duration:2 -a filesize:5 -a files:5

 * not specifying the sniffing interface is similar to using the cmd...
    sudo tshark -i 1
     - 1 specifies the first available interface on the system
     
# List the contents of the current folder.
root@dco:~$ ls
-rw------- 1 ubuntu ubuntu   autostop-demo_..1_2022.pcap
-rw------- 1 ubuntu ubuntu   autostop-demo_..2_2022.pcap
-rw------- 1 ubuntu ubuntu   autostop-demo_..3_2022.pcap
-rw------- 1 ubuntu ubuntu   autostop-demo_..4_2022.pcap
-rw------- 1 ubuntu ubuntu   autostop-demo_..5_2022.pcap
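
The single-quote advice at the top of these notes, combined with the capture commands above, as an added example that is not part of the original notes. The filter, the file name filtered-demo.pcap and the helper function names are assumptions made for illustration; -f is tshark's capture filter option.

```shell
#!/bin/sh
# Added example, not part of the original notes. The filter, interface and
# file name are constructed sample values.

# Constructed capture filter (BPF syntax): TCP SYN packets on port 443.
# Single quotes keep the spaces, [ ], & and ! away from the shell.
FILTER='tcp port 443 and tcp[tcpflags] & tcp-syn != 0'

# argc ARGS...: print how many separate arguments were received.
argc() { echo "$#"; }

# unquoted_argc STRING: word count when STRING is expanded without quotes
# (globbing is switched off in the subshell so only word splitting is measured).
unquoted_argc() { ( set -f; argc $1 ) }

# capture_argv IFACE OUTFILE FILTER: print the tshark command line, one
# argument per line, to confirm the filter is the single value of -f.
capture_argv() {
    set -- tshark -i "$1" -w "$2" -a duration:2 -f "$3"
    printf '%s\n' "$@"
}

# run_capture IFACE OUTFILE FILTER: capture for 2 seconds, but only if IFACE
# is one of the names listed by `tshark -D`.
run_capture() {
    command -v tshark >/dev/null 2>&1 || { echo "tshark not found" >&2; return 127; }
    sudo tshark -D 2>&1 | awk -v want="$1" '$2 == want { ok = 1 } END { exit !ok }' ||
        { echo "unknown interface: $1" >&2; return 2; }
    sudo tshark -i "$1" -w "$2" -a duration:2 -f "$3"
}

echo "quoted filter   -> $(argc "$FILTER") argument"
echo "unquoted filter -> $(unquoted_argc "$FILTER") arguments"
capture_argv ens5 filtered-demo.pcap "$FILTER"
```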
