tshark

Packet analysis tool, CLI version of Wireshark. More information: https://tshark.dev/.

tshark

tshark -f 'udp port 53'

tshark -Y 'http.request.method == "GET"'

tshark -d tcp.port==8888,http

tshark -T json|text|ps|…

tshark -T fields|ek|json|pdml -e http.request.method -e ip.src

tshark -w path/to/file

tshark -r path/to/file.pcap