dump and analyze network traffic


GUI application for capturing and dissecting network traffic.

Filter syntax

Full filter reference

Some useful filters:


Command line version of Wireshark, typically installed alongside it. Useful for scripting and for very large files that Wireshark can choke on.

Filter a pcap file by IP address (-2 runs a two-pass analysis, which -R read filters require; -w writes the matching packets to a new file):

tshark -r file.pcap.gz -2 -R 'ip.addr ==' -w ip-1234.pcap
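To show exactly what that read filter matches (ip.addr == X is true when X is the source OR the destination), here is an added example, not from the page or the Wireshark project: a small stdlib-only Python filter that walks a classic pcap and keeps frames involving one IPv4 address. The sample capture is constructed inline from documentation addresses, and the frames carry zeroed MACs and checksums.

```python
import ipaddress
import struct

PCAP_MAGIC = 0xA1B2C3D4      # classic pcap magic (microsecond timestamps)
ETHERTYPE_IPV4 = 0x0800
LINKTYPE_ETHERNET = 1

def build_ipv4_frame(src, dst, proto=1, payload=b""):
    """Constructed sample frame: zeroed MACs, minimal IPv4 header, checksum left 0."""
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return eth + ip + payload

def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap file: 24-byte global header + 16-byte record headers."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for sec, frame in enumerate(frames):
        out += struct.pack("<IIII", sec, 0, len(frame), len(frame)) + frame
    return out

def iter_pcap(data):
    """Yield each captured frame, detecting the file's byte order from the magic number."""
    (magic,) = struct.unpack("<I", data[:4])
    if magic == PCAP_MAGIC:
        end = "<"
    elif magic == 0xD4C3B2A1:          # same magic written big-endian
        end = ">"
    else:
        raise ValueError("not a classic pcap (pcapng is not handled here)")
    if struct.unpack(end + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        yield data[off:off + incl_len]
        off += incl_len

def ip_addr_matches(frame, addr):
    """Mirror 'ip.addr == addr': true if addr is the IPv4 source or the destination."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return False                    # not IPv4 (ARP, IPv6, ...) never matches ip.addr
    src, dst = ipaddress.IPv4Address(frame[26:30]), ipaddress.IPv4Address(frame[30:34])
    return ipaddress.IPv4Address(addr) in (src, dst)

def filter_pcap_by_ip(data, addr):
    """Equivalent of: tshark -r in.pcap -2 -R 'ip.addr == addr' (returns the kept frames)."""
    return [f for f in iter_pcap(data) if ip_addr_matches(f, addr)]

SAMPLE_PCAP = build_pcap([                       # constructed three-packet capture
    build_ipv4_frame("192.0.2.10", "198.51.100.5"),
    build_ipv4_frame("198.51.100.5", "192.0.2.10"),
    build_ipv4_frame("203.0.113.7", "198.51.100.5"),
])
```

Both directions of the first conversation match 192.0.2.10, which is why this filter (and tcpdump's host) is the right choice for pulling one endpoint's full traffic out of a large capture.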


Quick tcpdump command which will dump packets to verify connectivity:

sudo tcpdump -i eth0 -s0 -X

To restrict the capture to packets to or from a specific host, append a host expression (host followed by the address); to see only ICMP, append icmp.