Analyzing network traffic with Tshark
Conclusions
The Tshark analyzer is a simple command-line tool for monitoring and analyzing data streams. With just a few simple steps, Tshark filters individual protocols out of the stream of captured packets.
Tshark is easy to use and learn, and, like its GUI-based counterpart Wireshark, it works well on a small scale. However, sooner or later, Tshark will impair system performance if you need to collect large volumes of data. See the Wireshark wiki [14] for some tips on mitigating any performance slumps that occur when you are using Wireshark or Tshark.
Infos
- [1] Tcpdump: http://www.tcpdump.org
- [2] Wireshark: https://www.wireshark.org
- [3] Tshark man page: https://www.wireshark.org/docs/man-pages/tshark.html
- [4] Pcap man page: http://www.tcpdump.org/manpages/pcap.3pcap.html
- [5] Netfilter: http://www.netfilter.org
- [6] TCP handshake: http://en.wikipedia.org/wiki/Transmission_Control_Protocol
- [7] Packet filtering with Tshark: https://thesprawl.org/research/packet-filtering/
- [8] Various filter methods: http://wiki.wireshark.org/CaptureFilters
- [9] Samba troubleshooting with Tshark: https://wiki.samba.org/index.php/Capture_Packets
- [10] Samba sniffing in the Wireshark documentation: http://wiki.wireshark.org/SMB
- [11] WiFi sniffing: http://wiki.wireshark.org/CaptureSetup/WLAN
- [12] Bluetooth sniffing: http://wiki.wireshark.org/CaptureSetup/Bluetooth
- [13] Analyzing USB traffic: http://wiki.wireshark.org/CaptureSetup/USB
- [14] Performance optimization: http://wiki.wireshark.org/Performance