Tuesday, March 24, 2009

Run Wireshark from the command line (Linux)

A nice alternative to running Wireshark in a GUI environment is to run tshark. It provides similar functionality to the conventional Wireshark tool, but runs on the console like tcpdump. This removes the need to sniff packets on the interface in one step and make sense of them in another.

The simplest example is to write the capture to a binary file:
$> tshark -i interface -w file.bin

or to write it as plain text:
$> tshark -i interface > file.txt
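
The two commands above can be combined so that the binary file stays the primary record and the text file is derived from it. This is an added example, not part of the original post: the function name, the `-a duration:` time limit and the `BASENAME.bin` / `BASENAME.txt` naming are assumptions made here for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# capture_and_decode IFACE SECONDS BASENAME
#   1. capture raw packets from IFACE for SECONDS into BASENAME.bin
#   2. decode that saved file into plain text in BASENAME.txt
# Capturing normally needs root or capture privileges on the interface.
# Example call (eth0 is a placeholder interface name):
#   capture_and_decode eth0 30 file
capture_and_decode() {
    iface=$1
    secs=$2
    base=$3

    if [ -z "$iface" ] || [ -z "$base" ]; then
        echo "usage: capture_and_decode IFACE SECONDS BASENAME" >&2
        return 2
    fi

    # Require a positive whole number so the capture always stops on its
    # own and cannot fill the disk unattended.
    case $secs in
        ''|*[!0-9]*)
            echo "SECONDS must be a positive integer" >&2
            return 2
            ;;
    esac
    if [ "$secs" -le 0 ]; then
        echo "SECONDS must be a positive integer" >&2
        return 2
    fi

    # -a duration:N stops the capture after N seconds;
    # -w writes the raw packets to the binary file.
    tshark -i "$iface" -a "duration:$secs" -w "$base.bin" || return 1

    # -r reads the saved capture instead of a live interface, so the
    # text view can be regenerated later without capturing again.
    tshark -r "$base.bin" > "$base.txt" || return 1
}
```

Because the text output is produced from the saved binary file, nothing is lost if a different view of the same traffic is needed later.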


