Wireshark

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, the project was renamed Wireshark in May 2006 due to trademark issues.
-- Wikipedia

Packet filtering

Building Display Filter Expressions

Operators:

Display Filter comparison operators
Display Filter Logical Operations

Examples

IP address (any)

ip.addr == <ip-address>

Source and destination IP addresses

ip.src == <src-ip-address> and ip.dst == <dst-ip-address>

Protocol

<protocol>
http

Protocol contains string

<protocol> contains <string>
http contains google.com

TCP port

tcp.port eq <port>

UDP port

udp.port eq <port>

Negation

not <expression>

Capture packets

ssh <user>@<ip> "/usr/sbin/tcpdump -i ens33 -U -s0 -w - 'not port 22'" > bla.cap
wireshark bla.cap

Alternative approach

ssh <user>@<ip> "/usr/sbin/tcpdump -i lo -U -s0 -w - 'not port 22'" | wireshark -k -i -

PreviousPowerShell on Linux NextWordlists and dictionaries

Last updated 4 years ago

hashtagPacket filtering

hashtagOperators:

hashtagExamples

hashtagCapture packets

Packet filtering

Operators:

Examples

Capture packets