How to Use Tshark (Terminal wireshark, lol)
Tshark or i would called it Terminal wireshark, yeah it is. It's a terminal version of wireshark, i just fall in love with this tool recently and i will spend this day to learn it. Ok let's skip what i learn and i will make it simple for you. This tool is similar to tcpdump, you can easily learn this tool if you know some tcpdump commands. tshark -i wlan0 -w output.pcap Those command will store wlan0 dump to output.pcap. You can also insert another argument like: tshark -R "ip.addr == 192.168.0.1" -r /tmp/capture.cap Or: “Ethernet address 00:08:15:00:08:15” eth.addr == 00:08:15:00:08:15 “Ethernet type 0×0806 (ARP)” eth.type == 0×0806 “Ethernet broadcast” eth.addr == ff:ff:ff:ff:ff:ff “No ARP” not arp “IP only” ip “IP address 192.168.0.1” ip.addr == 192.168.0.1 “IP address isn't 192.168.0.1, don't use != for this!” !(ip.addr == 192.168.0.1) “IP
