Difference between revisions of "How to capture packets using wireshark"

From Kolmisoft Wiki
Line 1: Line 1:
=About=
=About=
<br><br>
Wireshark is the world's foremost network protocol analyzer.  
Wireshark is the world's foremost network protocol analyzer.  


It lets you capture and interactively browse the traffic running on a computer network. [http://en.wikipedia.org/wiki/Wireshark more about Wireshark]
It lets you capture and interactively browse the traffic running on a computer network. More information about Wireshark can be found [http://en.wikipedia.org/wiki/Wireshark here]
==Install==
==Install==
<br><br>
To install Wireshark put this command to Terminal:
To install Wireshark put this command to Terminal:


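Review bot: the new `<br><br>` lines placed directly under `=About=` and `==Install==` hard-code vertical spacing in the article text, and the rewritten link now uses "here" as its label, which tells the reader nothing about the target. Suggest dropping the `<br><br>` lines and leaving spacing to the skin's heading styles, and keeping a descriptive label such as "Wireshark on Wikipedia". Separately, `=About=` is a level-1 heading, which MediaWiki normally reserves for the page title; `==About==` would match the other sections.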
Line 9: Line 11:


==Usage==
==Usage==
<br><br>
After that you can use command:
After that you can use command:


Line 23: Line 26:
tshark
tshark


More options with command tshark you can find [http://www.wireshark.org/docs/wsug_html_chunked/AppToolstshark.html find here].
More options with command tshark you can find [http://www.wireshark.org/docs/wsug_html_chunked/AppToolstshark.html here].

Revision as of 14:45, 17 November 2011

About



Wireshark is the world's foremost network protocol analyzer.

It lets you capture and interactively browse the traffic running on a computer network. More information about Wireshark can be found at http://en.wikipedia.org/wiki/Wireshark.

Install



To install Wireshark, run this command in a terminal:

yum install wireshark

Usage



After that, you can use this command to save a dump of packets:

tethereal -i eth0 -w /home/capture.pcap

Packets will be saved to the file /home/capture.pcap

You can then copy the captured file capture.pcap from your server, open it in the Wireshark GUI and analyse the packets.

You can also analyse network packets in real time on the server using the command:

tshark

More options for the tshark command can be found at http://www.wireshark.org/docs/wsug_html_chunked/AppToolstshark.html.
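
A capture file holds the full contents of every packet seen on the interface, so on a shared server it is worth bounding the capture and keeping the file private. The script below is an added example, not part of the original wiki page: it wraps the capture command shown above so that it stops after a time or size limit, never overwrites an existing file, and creates the file readable by its owner only. It assumes `tshark` (the current name of `tethereal`) is installed; the function names and default limits are illustrative.

```shell
#!/bin/sh
# Added example (not from the wiki page): bounded, owner-only capture with tshark.
# Function names and the default limits are illustrative assumptions.

# Validate input and print the tshark arguments, one per line.
# $1 interface, $2 output file, $3 max seconds (default 60), $4 max size in kB (default 102400)
build_capture_args() {
    iface=$1 out=$2 secs=${3:-60} kbytes=${4:-102400}
    # Accept only characters that occur in interface names.
    case $iface in
        ''|*[!A-Za-z0-9._:-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    # Both limits must be positive integers so the capture always ends.
    for n in "$secs" "$kbytes"; do
        case $n in ''|*[!0-9]*) n=0 ;; esac
        [ "$n" -gt 0 ] || { echo "limits must be positive integers" >&2; return 1; }
    done
    # Require an absolute path and never overwrite an existing file or symlink.
    case $out in
        /*) ;;
        *) echo "output path must be absolute: $out" >&2; return 1 ;;
    esac
    if [ -e "$out" ] || [ -L "$out" ]; then
        echo "refusing to overwrite: $out" >&2; return 1
    fi
    printf '%s\n' -i "$iface" -a "duration:$secs" -a "filesize:$kbytes" -w "$out"
}

# Run the capture in a subshell so umask and IFS changes do not leak out.
run_capture() {
    args=$(build_capture_args "$@") || return 1
    (
        umask 077      # the capture file is created readable by its owner only
        set -f         # no glob expansion while splitting the argument list
        IFS='
'
        exec tshark $args
    )
}

# Capture only when called with arguments, e.g.: sh capture.sh eth0 /home/capture.pcap 120
if [ "$#" -ge 2 ]; then
    run_capture "$@"
fi
```

Delete the capture file from the server once it has been copied off for analysis.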