• Diniz Martins


Tshark, a well known and powerful command-line tool and is used as a network analyzer. It is developed by Wireshark. It’s working structure is quite similar to Tcpdump, but it has some powerful decoders and filters. TShark is capable of capturing the data packets information of different network layers and display them in different formats.

TShark is used to analyze real-time network traffic and it can read .pcap files to analyze the information, dig into the details of those connections, helping security professionals to identify their network problem.

Installing on Linux:

TShark prints a list of the interfaces whose traffic it can capture. Each interface is referred to by their serial number and as you can see it is followed by a text description of the network interface. These interfaces can be specified using -i parameter; which is used to specify the network whose traffic we want to capture. And to check out these interfaces you can use the parameter -D as shown below:

In the networking, promiscuous mode is used as an interface controller that causes tshark to pass all the traffic it receives to the CPU rather than passing the frames to the promiscuous mode is normally used for packet sniffing that can take place on a router or on a computer connected to a wired network or a part of LAN.

When using this mode, we will need to configure it with the help of ifconfig so that it let us capture the data packets of the whole network. Therefore, we will start by pinging a website and try to capture its data packets.

> Capture the packets:

> Packet count:

> Read and Write in a file:

> Verbose mode:

> Tabs:

> Capturing packets of a particular port:

> Display filter:

41 views0 comments

Recent Posts

See All

NMAP | Essential Commands

Nmap or Network Mapper is undoubtedly the best reconnaissance tool used by modern penetration testers. This open-source application has come a long way since its inception and proved to be a game-chan

Directory Scanner Enumeration

Directory Scanner is the free Directory Server fingerprinting tool. It can help you to remotely detect the type of Directory servers running on the local network as well as Internet. In addition to th