Questions tagged [tshark]

tshark is a terminal (console) based version of Wireshark, a network protocol analyzer for Unix and Windows.

65 questions
3 votes, 2 answers

Reducing a pcap file down to all operations on a specific NFS file

I have an 80GB packet capture (libpcap) and I want to filter it down to everything involving all operations on a particular NFS file/filehandle. How can I accomplish this? I know the following facts about what I want to capture (in tshark display…
MikeyB

2 votes, 1 answer

Capturing HTTP requests for JMeter Raw Data Source

I'm trying to capture raw http requests for re-playing it later using JMeter and Raw Data Source plugin. I've tried tshark/tcpdump but it captures the whole TCP data which I don't need, moreover, it cannot save such format to the file, I don't want to…
kreuzerkrieg

2 votes, 0 answers

Network sensor for a TCP connection for collecting statistics each second

I need a Network Sensor capable to gather basic end-to-end statistics (packet loss, jitter and network delay/RTT) of several TCP connections directed to the very same destination (ip-addr:port) on Ubuntu 12.04. The Sensor must be able to collect…
Paolo

2 votes, 1 answer

How to filter for the most common problems with tcpdump/tshark

I am currently using the following command in Linux to get specifics on network problems. tshark -r file.pcap -q -z io,stat,1,\ "COUNT(tcp.analysis.retransmission)…
user53029

2 votes, 2 answers

How to use tshark or tcpdump to calculate bytes transmitted

I am using this command with tshark: tshark -r pcapfile "tcp and ip.src==192.168.1.1" -T text -V -x | grep 'Total Length' This essentially parses the pcap for only connections from the source ip and looks for the total length in bytes from each…
user53029

2 votes, 0 answers

Can I use tshark to write SSL-decrypted packets to a file?

I have a PCAP file containing SSL-encrypted HTTP traffic and the private key from the relevant web server. I'd like a PCAP file that contains the decrypted HTTP traffic to feed into a different tool. I've been able to get tshark to decrypt and…
Willi Ballenthin

2 votes, 1 answer

Any way that I can feed tshark a live capture written to a file without reading from the start?

I'm capturing traffic from a MikroTik router to my Linux server and writing to a big file. I'm searching for a way to feed from the current file end forward since it is a several GB file and I can't afford to read from the start, but tshark (or…

2 votes, 0 answers

Error in killing Tshark from shell script

I'm getting this error: * glibc detected * /usr/sbin/tshark: double free or corruption While doing as below, any idea why? #!/bin/bash trap 'my_exit; exit' SIGINT SIGQUIT count=0 /usr/sbin/tshark -i bond1.1 -f "port 1111" -w /test/test_1.pcap >…

2 votes, 2 answers

CLI tool for analyzing pcap captures

I am looking for a command line tool that will look at a capture file, tcpdump -w output, and give output equivalent to the information you get in the Wireshark conversations, and endpoint statistics. To give you a little background, I have the…
Zoredache

2 votes, 0 answers

TShark - Include decrypted tls data in output

I'm trying to read https requests from an application and while I can somewhat make sense of the data using wireshark, I cannot make tshark output the data as I want it. One of the problems I've noticed is that the content-type from the server is…
Busata

1 vote, 0 answers

tshark not resolving hostnames

I'm trying to watch on-line to what external hosts one of my laptops (192.168.1.6) tries to access. It works - but no matter what - tshark is not resolving dest IP to hostname. Here is the command I'm launching on my firewall/gateway (192.168.1.254):…
user81604

1 vote, 1 answer

How can I set up tshark to capture full URL uri request ip and time stamp

How can I set up tshark to capture full URL uri request ip and time stamp. I have tried this: tshark -V -R "tcp.port ==80 && (http.request || http.response)" | awk "/Hypertext Transfer Protocol/,/Frame/ { print };/Transmission Control…

1 vote, 1 answer

How do I export both Packet bytes and Summary line using tshark?

I can export ascii using Wireshark with exactly the same settings as in the example from the documentation, i.e. Only Summary line and Packet bytes exported. Since I have many files to do this with I suppose using tshark is the way to go, but I do not…
dotswe

1 vote, 1 answer

Why do I see so many ssh packets in only a couple seconds?

I am learning how to use tshark so I can better understand networking. As a user the protocol I most often use day to day is SSH. So I thought I'd start a capture filter on ssh packets on my server and see what happens. I ran the following…
almel

1 vote, 0 answers

Redirect Default Gateway Traffic in Linux to File

I am trying to troubleshoot one of my linux servers (ubuntu server). Therefore I want to intercept all traffic that is sent to the default gateway and then write it to a file: preferably some kind of pcap format that is readable by tcpdump and/or…