Tshark

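# List the interfaces tshark can capture on.
tshark -D

# Read a saved capture, stop after the first packet (-c 1) and print its full
# protocol tree (-V).
tshark -r VoIP_traffic.pcap -c 1 -V

# Live capture: 10 packets on eth0 matching the capture (BPF) filter, written
# to tcp80.pcap. Live capture needs capture privileges; grant them to the
# capture helper rather than running the whole analysis session as root.
tshark -i eth0 -c 10 -f "tcp port 80" -w tcp80.pcap

# Export the dissection as PDML (XML).
tshark -r icmp.pcap -T pdml > icmp.xml

# Render the PDML as HTML with the stylesheet shipped with Wireshark
# (the stylesheet path depends on how Wireshark was installed).
xsltproc /usr/share/wireshark/pdml2html.xsl icmp.xml > icmp.html

# Display filter (-Y): show only HTTP GET requests.
tshark -r tcp80.pcap -Y 'http.request.method == "GET"'

# Extract host and URI of every GET request as columns with a header row.
# URIs can carry session tokens or credentials in query strings, so treat
# httpextract.txt as sensitive as the capture itself.
tshark -r HTTP_traffic.pcap -Y 'http.request.method == "GET"' -Tfields -e http.host -e http.request.uri -E header=y > httpextract.txt

# Count management frames of subtype 0x0008 (beacons).
tshark -r WiFi_traffic.pcap -Y 'wlan.fc.type_subtype == 0x0008' | wc -l

# Unique SSID / BSSID / channel tuples from frames of subtype 0x000c.
# NOTE(review): 0x000c is the deauthentication subtype; those frames normally
# carry no SSID or channel element, so those columns may come back empty.
# Confirm whether beacons (0x0008) were intended for an SSID inventory.
# `sort -u` replaces the original `sort | less | uniq`: less in the middle of
# a pipeline only passes data through, and sort -u de-duplicates in one step.
tshark -r WiFi_traffic.pcap -Y 'wlan.fc.type_subtype == 0x000c' -Tfields -e wlan.ssid -e wlan.bssid -e wlan.ds.current_channel | sort -u

# Protocol hierarchy statistics for one BSSID; -q suppresses per-packet output.
tshark -r WiFi_traffic.pcap -q -z io,phs,'wlan.bssid == 6c:19:8f:5f:81:74'

# WLAN conversation table for the same BSSID.
tshark -r WiFi_traffic.pcap -q -z conv,wlan,'wlan.bssid == 6c:19:8f:5f:81:74'

# SIP request/response statistics.
tshark -r Conference_Call_three_parties.pcap -q -z sip,stat

# Ring-buffer capture: rotate to a new file at the filesize limit and keep at
# most 10 files, so a long-running capture cannot fill the disk. The filesize
# value is in kB, so 10 is very small; raise it for real monitoring.
tshark -i eth0 -w icmp.pcap -b filesize:10 -b files:10

# Force UDP port 4000 to be dissected as RTP (-d) and list the RTP streams.
tshark -r Call_to_VoiceMail-SIPTLS-RTP.pcap -Y 'udp.port == 4000' -d udp.port==4000,rtp -q -z rtp,streams

# Decrypt HTTPS with the server's RSA private key and print an HTTP summary.
# This only works when the session used RSA key exchange; sessions negotiated
# with (EC)DHE have forward secrecy and need the per-session secrets instead.
# Newer Wireshark releases name this preference tls.keys_list.
# Keep private.key readable by the analyst only and off shared evidence stores.
tshark -r HTTPS_traffic_RSA_Exchange.pcap -o "ssl.keys_list:0.0.0.0,443,http,private.key" -q -z http,tree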


>>> import pyshark  # third-party wrapper that runs tshark and parses its output

>>> capture = pyshark.LiveCapture(interface='eth0')  # live capture on eth0; needs the same capture privileges as `tshark -i`

>>> capture.sniff(timeout=10)  # collect packets for 10 seconds, then stop

>>> capture  # the repr reports how many packets were collected

<LiveCapture (20 packets)>

>>> pkt = capture[0]  # first collected packet

>>> pkt  # the repr names the packet's protocol (ICMP in this session)

<ICMP Packet>

>>> pkt.pretty_print()  # dump every layer and field of the packet

>>> dir(pkt)  # attributes available on the packet object

>>> pkt.layers  # the layers dissected in this packet

>>> dir(pkt.eth)  # field names available on the Ethernet layer

>>> pkt.eth.type  # EtherType, returned as a string (0x0800 is IPv4)

'0x00000800'

>>> pkt.eth.src  # source MAC address

'00:50:56:e9:ff:b1'

>>> pkt.eth.dst  # destination MAC address

'00:0c:29:1a:60:e7'

>>> pkt.ip.dst  # destination IP address

'192.168.118.128'

>>> pkt.ip.layer_name  # name used to reach this layer as an attribute (pkt.ip)

'ip'