wiki.getshifting.com

--- Sjoerd Hooft's InFormation Technology ---

Trace: • WireShark

Sidebar

About me
LinkedIn
Blue Sky

WIKI Disclaimer: As with most other things on the Internet, the content on this wiki is not supported. It was contributed by me and is published “as is”. It has worked for me, and might work for you.
Also note that any view or statement expressed anywhere on this site are strictly mine and not the opinions or views of my employer or client.

wiresharknotes

Table of Contents

WireShark
- Trace in Linux
- Display Filters

WireShark

Summary: How to work with wireshark.
Date: 3 January 2025

Trace in Linux

tcpdump -w /tmp/tracefile

You can end the trace using <ctrl> + c, after which you can open the file using wireshark.

Display Filters

Only IP-address 10.10.10.10
- ip.addr == 10.10.10.10
Everything except IP-address 10.10.10.10
- !(ip.addr == 10.10.10.10)
Everything except DNS and NTP
- !(udp.port == 53) and !(udp.port == 123)

wiresharknotes.txt · Last modified: 2025/06/01 11:59 by 127.0.0.1