Analyzing network traffic with Tshark

Conclusions

Tshark is a simple command-line tool for capturing and analyzing network traffic. With just a few simple steps, Tshark can isolate the packets of an individual protocol from the whole stream of captured packets.

Tshark is easy to use and learn, and, like its GUI-based counterpart Wireshark, it works well on a small scale. However, sooner or later, Tshark will impair system performance if you need to collect large volumes of data. See the Wireshark wiki [14] for some tips on mitigating any performance slumps that occur when you are using Wireshark or Tshark.

The Author

Valentin Höbel works as a cloud architect for the VoIP specialists NFON AG in Munich. When he is not playing table football in his spare time, you will find him investigating current open source technologies.
