

In a previous blog entry, I referenced using tshark to extract IP header information so that it could be sorted and analyzed. I had a number of questions around how this works, so I wanted to post a more in-depth blog entry that discusses tshark’s ability to display specific header fields. I’ll also dive into how these fields can be extracted and manipulated.

For reference, here’s the screen capture that started the conversation:

By default, tshark will listen on the local interface in order to grab packets off the wire. If you have a pcap file that you wish to process instead, you can use the “-r” option to read packets from that file rather than from an interface. Let’s break down some of the components of this command.
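The pipeline the post describes, reading a saved capture with "-r", printing only selected IP header fields, and then sorting and counting them, is shown below as an added example; it is not the command from the original screen capture, which is not reproduced here. It assumes tshark is on PATH, uses a hypothetical CAPTURE_FILE environment variable to name the pcap, and the sample field output is constructed, not real traffic.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post. Assumes tshark is on PATH and
# that CAPTURE_FILE (hypothetical name) points at a real pcap when run for real.

# Read a saved capture instead of live-capturing on the default interface and
# print only the IPv4 header fields we care about, one packet per line.
extract_ip_pairs() {
    local pcap="$1"
    # -r <file>   read packets from a pcap/pcapng file instead of an interface
    # -Y ip       display filter: keep only packets that carry an IPv4 header
    # -T fields   print selected fields (tab-separated) instead of packet summaries
    # -e <field>  one -e per field to print, in the order given
    tshark -r "$pcap" -Y ip -T fields -e ip.src -e ip.dst -e ip.ttl
}

# Rank src/dst pairs by packet count. Reads field output on stdin, so it works on
# real tshark output and on the constructed sample below.
rank_pairs() {
    # keep the first two tab-separated columns (src, dst), sort so uniq can
    # count duplicates, then order by count with the largest first
    cut -f1,2 | sort | uniq -c | sort -rn
}

# Constructed sample of "-T fields -e ip.src -e ip.dst -e ip.ttl" output
# (tab-separated, one packet per line). Not real capture data.
SAMPLE_FIELDS=$(printf '10.0.0.5\t192.0.2.10\t64\n10.0.0.5\t192.0.2.10\t64\n10.0.0.7\t192.0.2.10\t128\n10.0.0.5\t192.0.2.10\t64\n')

# Most common pair in the sample, returned as "count src dst".
top_pair() {
    printf '%s\n' "$SAMPLE_FIELDS" | rank_pairs | head -n 1 | awk '{print $1, $2, $3}'
}

# Run against a real capture only when one is supplied and tshark is installed;
# otherwise demonstrate the sort/count stage on the constructed sample.
if [ -n "${CAPTURE_FILE:-}" ] && command -v tshark >/dev/null 2>&1; then
    extract_ip_pairs "$CAPTURE_FILE" | rank_pairs
else
    top_pair
fi
```

Splitting the work into two functions keeps the tshark invocation (where "-r" replaces the default live capture) separate from the post-processing, so the counting stage can be exercised on any tab-separated field output. Run it as `CAPTURE_FILE=traffic.pcap bash example.sh` against a real file.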
