Here are some common Wireshark commands and their purposes:

- Start Wireshark: `wireshark`
  Launches the Wireshark GUI.
- Capture on a specific interface: `wireshark -i <interface> -k`
  Replace `<interface>` with the name of the network interface (e.g., `eth0`, `wlan0`). The `-k` option starts the capture immediately; without it, Wireshark only preselects the interface.
- Capture with a filter: `wireshark -i <interface> -k -f "tcp port 80"`
  Captures only TCP traffic on port 80. `-f` sets a capture filter, so packets that do not match are never recorded.
- Open a capture file: `wireshark <file.pcap>`
  Opens a previously saved capture file for analysis.
- Export packets: `tshark -r <file.pcap> -w <output.pcap>`
  Uses `tshark` (the command-line version of Wireshark) to read a capture file and write it to a new file.
- Display specific protocols: `wireshark -Y "http"`
  Opens Wireshark and displays only HTTP packets. `-Y` sets a display filter, which changes what is shown, not what is captured.

These commands can help you effectively capture and analyze network traffic. If you need more specific commands or examples, let me know!
