Wireshark command-line fu
To work conveniently with the command-line tools that come with Wireshark, it is recommended to add the path of the local Wireshark directory to the system's PATH environment variable. From here on, I will assume that you have already configured it as described. With that in place, let's look at the more useful command-line utilities that ship with Wireshark:
tshark
capinfos
editcap
mergecap
Tip
Pass the -h argument to any of the command-line utilities to browse the help options for that utility. For example, open the command prompt and run tshark -h.
tshark
tshark, the command-line version of Wireshark, is used to capture and often display packets in situations where we don't have the privilege of using an interactive user interface, or when we are concerned about packet loss. Because in situations where a bulk load of traffic is flowing on the network, Wireshark's capture engine...