tshark

New add-on as of Core Update 132.

tshark is a network protocol analyzer. It has many possible uses, including capturing packet data from live connections, reading packets from a previously saved capture file, printing a decoded form of those packets to the standard output, and writing the packets to a file.

Current features:

• Deep inspection of hundreds of protocols
• Live capture and offline analysis
• VoIP analysis
• Read/write different capture file formats
• Collection of various types of statistics
• Capture files compressed with gzip can be decompressed on the fly
• Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others
• Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
• Coloring can be applied for quick intuitive analysis
• Output can be exported to XML, PostScript®, CSV, or plain text

Installation

tshark can be installed with the Pakfire web interface or via the console:

pakfire install tshark

Usage

There is no web interface for this Addon. To run this Addon open the client console or terminal and access the IPFire box via SSH.

To obtain a list of possible commands and parameters use:
tshark -h

Links

• linux.die mapages for tshark
• Display Filter Wiki
• PCAP-Filter manpage
• Building Display Filter Expressions
• Using tshark to Watch and Inspect Network Traffic
• tshark tutorial and filter examples
• Analyzes specific Tshark commands