Skip to content
You must be logged in to sponsor pocc

Become a sponsor to Ross Jacobs

@pocc

Ross Jacobs

pocc
Austin

Capture Lifecycle with Tshark

Most Wireshark documentation focuses on the GUI. In its many forms, it spans 2 Wireshark guides, 2 Wireshark forums, manpages, developer email chains, the actual source code, etc. That is not to say the existing documentation is not good. You will probably find what you are looking for eventually.

tshark.dev provides a unified and intuitive UI docs for working with packet captures on the CLI. The focus is on doing everything in the CLI because that is an interface your scripts and programs can use. Examples primarily use bash, with some examples in python and ruby. Programs such as Termshark and PyShark do novel things by leveraging tshark. You can too by using this guide!

1 sponsor has funded pocc’s work.

@cydanil

Featured work

  1. pocc/tshark.dev

    Repo to manage tshark.dev, deployed to netlify

    HTML 65
  2. pocc/pre-commit-hooks

    C/C++ hooks to integrate with pre-commit

    Python 328
  3. pocc/merlink

    This program will connect desktop clients to Meraki firewalls

    Python 3
  4. pocc/termshark

    A terminal UI for tshark, inspired by Wireshark

    Go
  5. pocc/pcapgraph

    Visualize a pcap with a matplotlib graph

    Python 4

Select a tier

$ a month

Choose a custom amount.

$5 a month

Select

If you support this website at $5/mo, I will give you a link to a pdf that is autoupdated on each commit. I use LaTeX and website content to create a "book" of 100+ pages. This link goes to a sample of the first ~10% of the "book" for a patron named "LANdo Calrissian".