tshark Command Examples

Packet analysis tool, CLI version of Wireshark. More information: https://tshark.dev/.

• Monitor everything on localhost:

tshark

• Only capture packets matching a specific capture filter:

tshark -f '{{udp port 53}}'

• Only show packets matching a specific output filter:

tshark -Y '{{http.request.method == "GET"}}'

• Decode a TCP port using a specific protocol (e.g. HTTP):

tshark -d tcp.port=={{8888}},{{http}}

• Specify the format of captured output:

tshark -T {{json|text|ps|…}}

• Select specific fields to output:

tshark -T {{fields|ek|json|pdml}} -e {{http.request.method}} -e {{ip.src}}

• Write captured packet to a file:

tshark -w {{path/to/file}}

• Analyze packets from a file:

tshark -r {{path/to/file.pcap}}