6 PACKET ANALYSIS ON THE COMMAND LINE
While many scenarios can be addressed using a GUI, in some cases, using command line tools—such as TShark or tcpdump—is necessary or preferable. Here are some situations in which a command line tool might be used instead of Wireshark:
• Wireshark provides a lot of information at once. By using a command line tool, you can limit displayed information to only pertinent data, such as a single line showing IP addresses.
• Command line tools are best suited for filtering a packet capture file and providing the results directly to another tool using Unix pipes.
• Dealing with a very large capture file ...
Get Practical Packet Analysis, 3rd Edition now with the O’Reilly learning platform.