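# tshark quick reference: capture, filtering, field extraction and statistics.
# Capture files hold full packet payloads (credentials, cookies, call audio),
# so treat every .pcap and every derived export below as sensitive data.

# List the interfaces tshark can capture from.
tshark -D

# Read a saved capture, stop after the first packet (-c 1) and print the
# full protocol tree for it (-V).
tshark -r VoIP_traffic.pcap -c 1 -V

# Live capture on eth0: stop after 10 packets, apply a capture (BPF) filter
# for TCP port 80 and write the raw packets to tcp80.pcap.
# Live capture needs capture privileges; granting them to dumpcap for a
# dedicated group is preferable to running tshark itself as root.
tshark -i eth0 -c 10 -f "tcp port 80" -w tcp80.pcap

# Export the decoded packets as PDML (XML), then render that XML to HTML with
# the stylesheet shipped with Wireshark (the path can differ per distribution).
tshark -r icmp.pcap -T pdml > icmp.xml
xsltproc /usr/share/wireshark/pdml2html.xsl icmp.xml > icmp.html

# Display filter (-Y): show only HTTP GET requests.
tshark -r tcp80.pcap -Y 'http.request.method == "GET"'

# Same filter, but print only the Host header and request URI as columns with
# a header row. URIs often carry session tokens or API keys in the query
# string, so protect httpextract.txt like the capture itself.
tshark -r HTTP_traffic.pcap -Y 'http.request.method == "GET"' -Tfields -e http.host -e http.request.uri -E header=y > httpextract.txt

# Count 802.11 beacon frames (type/subtype 0x0008), one output line per frame.
tshark -r WiFi_traffic.pcap -Y 'wlan.fc.type_subtype == 0x0008' | wc -l

# List unique SSID / BSSID / channel tuples for type/subtype 0x000c frames.
# NOTE(review): 0x000c is the deauthentication subtype; those frames normally
# carry no SSID or channel element, so the first and last columns are likely
# empty. If the goal is an inventory of networks, beacons (0x0008) are the
# usual source - confirm the intended subtype.
# The pager goes last: in the middle of a pipeline less only passes data
# through, so the original "sort | less | uniq" never paged anything.
tshark -r WiFi_traffic.pcap -Y 'wlan.fc.type_subtype == 0x000c' -Tfields -e wlan.ssid -e wlan.bssid -e wlan.ds.current_channel | sort | uniq | less

# Statistics only (-q suppresses per-packet output, -z selects the report),
# both restricted to frames for one BSSID:
#   io,phs    protocol hierarchy statistics
#   conv,wlan 802.11 conversation table
tshark -r WiFi_traffic.pcap -q -z io,phs,'wlan.bssid == 6c:19:8f:5f:81:74'
tshark -r WiFi_traffic.pcap -q -z conv,wlan,'wlan.bssid == 6c:19:8f:5f:81:74'

# SIP statistics (request methods and response codes) for a recorded call.
tshark -r Conference_Call_three_parties.pcap -q -z sip,stat

# Continuous capture into a ring buffer: switch to a new file every 10 kB and
# keep at most 10 files, overwriting the oldest. This bounds disk usage for
# long-running monitoring; 10 kB is tiny and would normally be raised so the
# retained window covers the period you need to investigate.
tshark -i eth0 -w icmp.pcap -b filesize:10 -b files:10

# RTP has no fixed port, so force UDP port 4000 to be decoded as RTP (-d) and
# print the RTP stream summary (packet counts, loss, jitter).
tshark -r Call_to_VoiceMail-SIPTLS-RTP.pcap -Y 'udp.port == 4000' -d udp.port==4000,rtp -q -z rtp,streams

# Decrypt TLS with the server's RSA private key (ip,port,protocol,keyfile) and
# print the HTTP packet counter tree.
# - This only works for RSA key exchange, as in this sample capture. Sessions
#   negotiated with (EC)DHE have forward secrecy and need a key log file
#   (the tls.keylog_file preference) instead.
# - Wireshark 3.0 renamed the dissector to TLS; "ssl.keys_list" is the legacy
#   preference name and "tls.keys_list" the current one - check which your
#   installed version expects.
# - private.key is a production secret: analyse on an isolated host, keep the
#   file permissions tight and remove the copy when the analysis is done.
tshark -r HTTPS_traffic_RSA_Exchange.pcap -o "ssl.keys_list:0.0.0.0,443,http,private.key" -q -z http,tree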
# pyshark session: capture live traffic from Python and inspect one packet.
# pyshark drives tshark under the hood, so the same capture privileges are
# needed as for a tshark live capture; prefer a capture-enabled dumpcap over
# running the interpreter as root.
>>> import pyshark
>>> capture = pyshark.LiveCapture(interface='eth0')
# Capture for at most 10 seconds; the packets are kept on the capture object.
>>> capture.sniff(timeout=10)
>>> capture
<LiveCapture (20 packets)>
# Captures are indexable; take the first packet.
>>> pkt = capture[0]
>>> pkt
<ICMP Packet>
# Dump every layer and field of the packet in readable form.
>>> pkt.pretty_print()
# dir() lists the attributes available on the packet, and further down on a
# single layer, which is how to discover field names.
>>> dir(pkt)
>>> pkt.layers
>>> dir(pkt.eth)
# Field values are returned as strings, as the quoted outputs below show.
# They come straight from the wire, so validate or escape them before using
# them in logs, queries or shell commands.
# EtherType 0x0800 (shown zero-padded) is IPv4.
>>> pkt.eth.type
'0x00000800'
>>> pkt.eth.src
'00:50:56:e9:ff:b1'
>>> pkt.eth.dst
'00:0c:29:1a:60:e7'
>>> pkt.ip.dst
'192.168.118.128'
>>> pkt.ip.layer_name
'ip'