System Grab Bag

View all TLDR pages from Linux (or from all pages)

tshark

Packet analysis tool, CLI version of Wireshark. More information: https://tshark.dev/.
  • Monitor everything on localhost:
    tshark
  • Only capture packets matching a specific capture filter:
    tshark -f '{{udp port 53}}'
  • Only show packets matching a specific output filter:
    tshark -Y '{{http.request.method == "GET"}}'
  • Decode a TCP port using a specific protocol (e.g. HTTP):
    tshark -d tcp.port=={{8888}},{{http}}
  • Specify the format of captured output:
    tshark -T {{json|text|ps|…}}
  • Select specific fields to output:
    tshark -T {{fields|ek|json|pdml}} -e {{http.request.method}} -e {{ip.src}}
  • Write captured packet to a file:
    tshark -w {{path/to/file}}
  • Analyze packets from a file:
    tshark -r {{path/to/file.pcap}}

License and Disclaimer

The content on this page is copyright © 2014—present the tldr-pages team and contributors.
This page is used with permission under Creative Commons Attribution 4.0 International License.

While we do attempt to make sure content is accurate, there isn't a warranty of any kind.