Wireshark command line linux
8/17/2023

Wireshark can be installed with the standard simple commands.

On Red Hat Enterprise Linux (RHEL) 7:

    yum install wireshark

On Red Hat Enterprise Linux (RHEL) 8:

    dnf install wireshark

Use cases

Without any options set, TShark works much like tcpdump. It uses the pcap library to capture traffic from the first available network interface and displays a summary line for each received packet on standard output.

Before we start any capture, we need to define which interfaces on our server TShark can use. You may need to use sudo or root access in this case. To get this information, you will need to run the command below:

    # tshark -D

If we wanted to capture traffic on eth0, we could call it with this command:

    tshark -i eth0

Each packet in the output is denoted by a number at the beginning of its line. These lines include two IP addresses on either side of an arrow; these are the hosts that are exchanging the packet. The arrow's direction indicates which direction the packet is going. Therefore, 41.242.139.31 -> 207.180.200.5 means the packet originated at host 41.242.139.31, which is my computer, and is headed for destination 207.180.200.5, which is the remote server where TShark is installed. My computer is trying to connect to this server, so it's going through the TCP handshake.

Here is a basic explanation of how TShark works: It captures all traffic that is initiated to and from the server where it's installed. With the power of TShark's filtering, we can display the traffic we are interested in.

We can also limit the output of the capture to a specific number of lines. For example, if we want to limit the output to 10 lines, we will use the command below:

    # tshark -i eth0 -c 10

Capture traffic to and from one host

We can limit the capture to traffic to or from a specific host. For example, to find traffic coming from and going to 8.8.8.8, we use the command:

    # tshark -i eth0 -c 10 host 8.8.8.8

For traffic coming from 8.8.8.8:

    # tshark -i eth0 src host 8.8.8.8

For traffic going to 8.8.8.8:

    # tshark -i eth0 dst host 8.8.8.8
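The summary-line layout described above (packet number, then source and destination on either side of an arrow) is enough to tally a capture by direction. The following is an added example, not code from the original article; the function names and the sample lines are constructed for illustration, and it accepts both the ASCII `->` arrow and the `→` arrow that some TShark builds print.

```shell
#!/bin/sh
# Added example: tally TShark summary lines by direction relative to one host.
# Live use (assumed interface name): tshark -i eth0 -c 10 | direction_counts <server-ip>

# Constructed sample lines (not real capture output). 207.180.200.5 plays the
# server where TShark runs, as in the text above.
sample_lines() {
cat <<'EOF'
    1 0.000000 41.242.139.31 -> 207.180.200.5 TCP 74 51234 -> 22 [SYN] Seq=0
    2 0.000045 207.180.200.5 -> 41.242.139.31 TCP 74 22 -> 51234 [SYN, ACK] Seq=0 Ack=1
    3 0.180112 41.242.139.31 → 207.180.200.5 TCP 66 51234 → 22 [ACK] Seq=1 Ack=1
    4 0.200300 207.180.200.5 -> 8.8.8.8 DNS 70 Standard query A example.com
    5 0.231001 8.8.8.8 -> 207.180.200.5 DNS 86 Standard query response A 192.0.2.10
    6 0.300000 192.0.2.7 -> 192.0.2.9 TCP 66 40000 -> 80 [ACK] Seq=1 Ack=1
EOF
}

# direction_counts LOCAL_IP
# Reads summary lines on stdin and prints "inbound=N outbound=N other=N" for
# packets headed to LOCAL_IP, sent by LOCAL_IP, or not involving it at all.
direction_counts() {
    awk -v me="$1" '
        {
            # The first arrow on the line separates source from destination;
            # later arrows belong to the info column (for example port -> port).
            src = ""; dst = ""
            for (i = 2; i < NF; i++) {
                if ($i == "->" || $i == "→") { src = $(i-1); dst = $(i+1); break }
            }
            if (src == "") next      # banner or other non-packet line
            if (dst == me)      inb++
            else if (src == me) outb++
            else                other++
        }
        END { printf "inbound=%d outbound=%d other=%d\n", inb, outb, other }
    '
}

sample_lines | direction_counts 207.180.200.5
```

A non-zero `other` count on a server capture means the interface is seeing packets that are neither to nor from that host, which is worth checking before relying on `host`, `src host` or `dst host` filters to scope the capture.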