Welcome to the IPFire Wiki

This wiki is a community-maintained resource about everything there is to know about IPFire. Join us and help us improving it!

Looking for something?

Use the search and find answers to everything about IPFire. If you cannot find what you are looking for, join our community and talk to fellow IPFire users, developers and everybody else involved in the project.

IPFire Community

Differences in Revisions: tshark

Older Revision
August 22 at 9:53 pm
»
remove hash from title
## tshark
# tshark
![](addons/tshark/tshark_logo.png)
 
New add-on as of Core Update 132.
 
[tshark](https://www.wireshark.org/docs/man-pages/tshark.html) is a network protocol analyzer. It has many possible uses, including capturing packet data from live connections, reading packets from a previously saved capture file, printing a decoded form of those packets to the standard output, and writing the packets to a file.
 
Current features:
 
* Deep inspection of hundreds of protocols
* Live capture and offline analysis
* VoIP analysis
* Read/write different capture file formats
* Collection of various types of statistics
* Capture files compressed with gzip can be decompressed on the fly
* Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others
* Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
* Coloring can be applied for quick intuitive analysis
* Output can be exported to XML, PostScript®, CSV, or plain text
 
 
## Installation
tshark can be installed with the [Pakfire](/configuration/ipfire/pakfire) web interface or via the console:
 
` pakfire install tshark`
 
 
## Usage
There is **no web interface** for this Addon. To run this Addon open the client console or terminal and access the IPFire box via [SSH](/configuration/system/ssh).
 
To obtain a list of possible commands and parameters use:
`tshark -h`
 
 
## Links
* [linux.die mapages for tshark](https://linux.die.net/man/1/tshark)
* [Display Filter Wiki](https://wiki.wireshark.org/DisplayFilters)
* [PCAP-Filter manpage](https://www.wireshark.org/docs/man-pages/pcap-filter.html)
* [Building Display Filter Expressions](https://www.wireshark.org/docs/wsug_html_chunked/ChWorkBuildDisplayFilterSection.html)
* [Using tshark to Watch and Inspect Network Traffic](https://www.linuxjournal.com/content/using-tshark-watch-and-inspect-network-traffic)
* [tshark tutorial and filter examples](https://hackertarget.com/tshark-tutorial-and-filter-examples)
* [Analyzes specific Tshark commands](https://explainshell.com/explain?cmd=tshark+-w+%2Ftmp%2Fdhcp.pcap+-f+%22port+67+or+port+68%22+-i+red0)