Tshark
Version vom 24. September 2019, 09:38 Uhr von Thomas.will (Diskussion | Beiträge) (→With separator,quotet and header)
Print a list of the interfaces on which TShark can capture
- tshark -D
Capture all traffic on vmbr1
- tshark -i vmbr1
Capture icmp traffic on vmbr1
- tshark -i vmbr1 icmp
Show only the frame numbers
- tshark -i vmbr1 -T fields -e frame.number icmp and host 10.81.1.1
Show frame numbers,time_relative, ip src and ip.dst
- tshark -i vmbr1 -T fields -e frame.number -e frame.time_relative -e ip.src -e ip.dst icmp and host 10.81.1.1
With separator,quotet and header
- tshark -i vmbr1 -T fields -e frame.number -e frame.time_relative -e ip.src -e ip.dst -E separator=, -E quote=d -E header=y icmp and host 10.81.1.1
Show mail traffic as text
- tshark -i vmbr1 -T text port 25