
Awesome! I always wanted a command-line alternative to Wireshark. I learned about tcpdump about a year ago, but the amount of options is a little off-putting. I'm glad this guide came along.


The command-line alternative to Wireshark is tshark. tshark is much more capable, since you can use all the well-made Wireshark protocol dissectors.


tshark also has a fabulous ring buffer feature that lets you run captures continuously while chunking the files up into manageable sizes.

e.g. -b filesize:100000 -b files:200 -w somefile

This will make a ring buffer of 200 * 100MB files.

After typing this, I realized this may have limited use cases, but I use it almost every day.


If you are on a system that doesn't have tshark, tcpdump provides the same functionality via the -C <file_size_in_MB> -W <num_files> flags.

e.g. -C 100 -W 200 -w somefile will get you the same circular ring of 200 100MB files.

Also, don't forget to add the -s 0 flag if you want to get the entire payload.
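As an added example (not from this thread), a small POSIX sh wrapper around the tcpdump ring buffer described in the two comments above: it always passes -s 0, checks that the ring's disk budget fits in the target directory before starting, and replays the rotated files through a filter afterwards. The function names and the extra -n/-U flags are my choices; tcpdump's -C unit is 1,000,000 bytes, so the budget is in decimal MB.

```shell
#!/bin/sh
# Added example, not from the thread. Wrapper around tcpdump's -C/-W ring buffer.

ring_budget_mb() {
    # Most disk the ring can occupy: COUNT files of SIZE_MB each (decimal MB).
    echo $(( $1 * $2 ))
}

build_ring_args() {
    # build_ring_args SIZE_MB COUNT PREFIX [IFACE] -> tcpdump argument string
    size_mb=$1; count=$2; prefix=$3; iface=${4:-any}
    case "$size_mb$count" in
        *[!0-9]*|"") echo "size and count must be positive integers" >&2; return 1 ;;
    esac
    [ "$size_mb" -gt 0 ] && [ "$count" -gt 0 ] || return 1
    # -s 0: full payload; -n: no name lookups while capturing; -U: packet-buffered writes
    echo "-i $iface -s 0 -n -U -C $size_mb -W $count -w $prefix"
}

check_free_space() {
    # check_free_space PREFIX BUDGET_MB: true if the prefix's directory has room for the ring.
    dir=$(dirname "$1"); need_kb=$(( $2 * 1000 ))
    free_kb=$(df -P -k "$dir" | awk 'NR==2 {print $4}')
    [ "$free_kb" -ge "$need_kb" ]
}

run_ring_capture() {
    # run_ring_capture SIZE_MB COUNT PREFIX [IFACE]: e.g. run_ring_capture 100 200 /var/cap/somefile eth0
    args=$(build_ring_args "$@") || return 1
    budget=$(ring_budget_mb "$1" "$2")
    check_free_space "$3" "$budget" || { echo "need ${budget} MB free for the ring" >&2; return 1; }
    # shellcheck disable=SC2086  -- word splitting of $args is intended
    exec tcpdump $args
}

read_ring() {
    # read_ring PREFIX [FILTER...]: replay every rotated file, oldest first, through one filter.
    prefix=$1; shift
    ls -tr "$prefix"* | while read -r f; do tcpdump -n -r "$f" "$@"; done
}
```

Start the capture with run_ring_capture 100 200 /var/cap/somefile eth0 and later inspect the whole ring with read_ring /var/cap/somefile 'port 443'.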


It's a great ad-hoc solution for monitoring types of traffic. I've used it too. :-)



