commit
a22710e65e
|
@ -0,0 +1,178 @@
|
||||||
|
{
|
||||||
|
"id": "tshark_cheat_sheet",
|
||||||
|
"name": "Tshark",
|
||||||
|
"description": "A network protocol analyzer",
|
||||||
|
"metadata": {
|
||||||
|
"sourceName": "Wireshark.org",
|
||||||
|
"sourceUrl": "https://www.wireshark.org/docs/man-pages/tshark.html"
|
||||||
|
},
|
||||||
|
"aliases": [
|
||||||
|
"command line wireshark",
|
||||||
|
"terminal wireshark"
|
||||||
|
],
|
||||||
|
"template_type": "terminal",
|
||||||
|
"section_order": [
|
||||||
|
"Installation",
|
||||||
|
"Lower Case Options",
|
||||||
|
"Upper Case Options",
|
||||||
|
"Special Options"
|
||||||
|
],
|
||||||
|
"sections": {
|
||||||
|
"Installation": [
|
||||||
|
{
|
||||||
|
"key": "sudo apt-get install tshark",
|
||||||
|
"val": "Install TShark on Ubuntu"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": "tshark -i wlan0 -w capture-output.pcap",
|
||||||
|
"val": "Basic Usage"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"Lower Case Options": [
|
||||||
|
{
|
||||||
|
"key": "-a <capture autostop condition>",
|
||||||
|
"val": "Specify a criterion that specifies when TShark is to stop writing to a capture file"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": "-b <capture ring buffer option>",
|
||||||
|
"val": "Run Tshark in \"multiple files\" mode. Ex: -b filesize:1000 -b files:5 results in a ring buffer of five files of size one megabyte each"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": "-c <capture packet count>",
|
||||||
|
"val": "Set the maximum number of packets to read when capturing live data. If reading a capture file, set the maximum number of packets to read"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": "-d <layer type>==<selector>,<decode-as protocol>",
|
||||||
|
"val": "Specify how a layer type should be dissected. Ex: -d tcp.port==8888,http will decode any traffic running over TCP port 8888 as HTTP"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": "-e <field>",
|
||||||
|
"val": "Add a field to the list of fields to display if -T fields is selected"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": "-f <capture filter>",
|
||||||
|
"val": "Set the capture filter expression"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": "-h",
|
||||||
|
"val": "Print the version and options and exits"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": "-i <capture interface> | -",
|
||||||
|
"val": "Set the name of the network interface or pipe to use for live packet capture"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": "-n",
|
||||||
|
"val": "Disable network object name resolution (such as hostname, TCP and UDP port names); the -N flag might override this one"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": "-p",
|
||||||
|
"val": "Don't put the interface into promiscuous mode"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": "-r <infile>",
|
||||||
|
"val": "Read packet data from infile, can be any supported capture file format (including gzipped files)"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": "-s <capture snaplen>",
|
||||||
|
"val": "Set the default snapshot length to use when capturing live data"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": "-u <seconds type>",
|
||||||
|
"val": "Specifies the seconds type. Valid choices are: s for seconds hms for hours, minutes and seconds"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": "-v",
|
||||||
|
"val": "Print the version and exit"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": "-w <outfile> | -",
|
||||||
|
"val": "Write raw packet data to outfile or to the standard output if outfile is '-'"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": "-x",
|
||||||
|
"val": "Print a hex and ASCII dump of the packet data after printing the summary"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": "-y <capture link type>",
|
||||||
|
"val": "Set the data link type to use while capturing packets. The values reported by -L are the values that can be used"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"Upper Case Options": [
|
||||||
|
{
|
||||||
|
"key": "-B <capture buffer size>",
|
||||||
|
"val": "Set capture buffer size (in MiB, default is 2 MiB)"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": "-C <configuration profile>",
|
||||||
|
"val": "Run with the given configuration profile"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": "-D",
|
||||||
|
"val": "Print a list of the interfaces on which TShark can capture, and exit"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": "-E <field print option>",
|
||||||
|
"val": "Set an option controlling the printing of fields when -T fields is selected"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": "-F <file format>",
|
||||||
|
"val": "Set the file format of the output capture file written using the -w option"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": "-H <input hosts file>",
|
||||||
|
"val": "Read a list of entries from a \"hosts\" file, which will then be written to a capture file"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": "-I",
|
||||||
|
"val": "Put the interface in \"monitor mode\"; this is supported only on IEEE 802.11 Wi-Fi interfaces, and supported only on some operating systems"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": "-K <keytab>",
|
||||||
|
"val": "Load kerberos crypto keys from the specified keytab file. Ex: -K krb5.keytab"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": "-N <name resolving flags>",
|
||||||
|
"val": "Turn on name resolving only for particular types of addresses and port numbers, with name resolving for other types of addresses and port numbers turned off"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": "-Q",
|
||||||
|
"val": "When capturing packets, only display true errors"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": "-S <separator>",
|
||||||
|
"val": "Set the line separator to be printed between packets"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": "-V",
|
||||||
|
"val": "Print a view of the packet details"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": "-W <file format option>",
|
||||||
|
"val": "Save extra information in the file if the format supports it"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": "-X <eXtension options>",
|
||||||
|
"val": "Specify an option to be passed to a TShark module. The eXtension option is in the form extension_key:value"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": "-Y <displaY filter>",
|
||||||
|
"val": "Applies specified filter before printing a decoded form of packets or writing packets to a file"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"Special Options": [
|
||||||
|
{
|
||||||
|
"key": "-2",
|
||||||
|
"val": "Perform a two-pass analysis. Also permits reassembly frame dependencies to be calculated correctly"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": "-G",
|
||||||
|
"val": "A special mode to dump one of several types of internal glossaries and then exit"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": "-z <statistics>",
|
||||||
|
"val": "Collects various types of statistics and display the result after finishing reading the capture file"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue