Linux command
termshark 命令
安全
权限或系统影响较大,执行前请核对目标。
常用示例
Example
sudo termshark
Example
sudo termshark -i [eth0]
Example
termshark -r [path/to/capture.pcap]
Example
sudo termshark -i [eth0] -Y "[http.request]"
Example
sudo termshark -i [eth0] -f "[port 80]"
说明
termshark is a terminal-based user interface for tshark that provides a Wireshark-like experience in the terminal. It offers packet list, packet details, and packet bytes views with interactive navigation. The interface supports keyboard navigation, display filtering, and stream reassembly similar to the graphical Wireshark.
参数
- -i _INTERFACE_
- Capture on specified interface
- -r _FILE_
- Read from pcap file
- -Y _FILTER_
- Apply display filter
- -f _FILTER_
- Apply capture filter
- -d _layer==selector,protocol_
- Specify dissection of layer type
- --pass-thru _auto|yes|no_
- Run tshark instead of UI (auto means if stdout is not a tty)
- --debug
- Enable debug mode with profiling server on port 6060
FAQ
What is the termshark command used for?
termshark is a terminal-based user interface for tshark that provides a Wireshark-like experience in the terminal. It offers packet list, packet details, and packet bytes views with interactive navigation. The interface supports keyboard navigation, display filtering, and stream reassembly similar to the graphical Wireshark.
How do I run a basic termshark example?
Run `sudo termshark` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does -i _INTERFACE_ do in termshark?
Capture on specified interface