Last active
November 19, 2025 15:18
-
-
Save erangaeb/e10780d825c50543e944ae0dbeccda4b to your computer and use it in GitHub Desktop.
tshark capture packets
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # capture all packets on default network interface | |
| sudo tshark | |
| # capture all packets on specific network interface | |
| # -i ens4 (ens4 interface) | |
| sudo tshark -i ens4 | |
| # capture packets with disable name resolutions (e.g hostname, tcp udp port names), it would be good for peformance | |
| # -nn (disable name resolutions) | |
| sudo tshark -nn -i ens4 | |
| # capture all tcp packets on port 7654 | |
| sudo tshark -nn -i ens4 'tcp port 7654' | |
| # capture all udp packets on port 7654 | |
| sudo tshark -nn -i ens4 'udp port 7654' | |
| # capture only incoming packets on port 7654 | |
| sudo tshark -nn -i ens4 'dst port 7654' | |
| # capture packets on port 7654 which comes to ip 10.128.0.3 | |
| sudo tshark -nn -i ens4 'tcp port 7654 and ip dst 10.128.0.3' | |
| # capture all packets on tcp port 7654 and display more details of http packets | |
| # -O http (show more packet details of specific protocol) | |
| sudo tshark -nn -i ens4 -O http 'tcp port 7654' | |
| # capture only http traffic comes to port 7654 | |
| # -Y http (capture only http traffic) | |
| sudo tshark -nn -i ens4 -Y http 'dst port 7654' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment