Packet Sniffing and Monitoring with Tshark / Wireshark

Submitted by rex on Sat, 01/09/2010 - 01:34

capture the traffic for 300 seconds and save it in output_file and exit

tshark -a duration:300 -q -w output_file

Sniff the traffic and show it on the screen
tshark -S

Sniff 1000 packets and show it on the screen
tshark -S -c 1000

IO Stats - How many packets and frames has been transfered in 60 seconds?
tshark -a duration:60 -z io,stat,60

read the dumpfile 'output_file'
tshark -r output_file

read output_file and show only http connections from the ip
tshark -r output_file -R "ip.addr == && tcp.port == 80"

Show only http GET requests from the output_file
tshark -r output_file -R "http.request.method==GET"

Show IP's mit incoming & outgoing traffic
tshark -r output_file -q -z conv,ip

Save the smtp network connection for 300 seconds and also displays realtime the connections.
tshark -w smtp-network-connections -a duration:300 -S -q -R "smtp"