Application with Output similar to the GUI output of "WireShark"

Sure, tshark (text shark) is the same program, but with a noninteractive command line interface.

You can also run tshark on the server and transfer the captures over ssh to a wireshark gui running somewhere else.

For example:

  mbp@joy% sudo tshark -i wlan0 -p  -R 'http'
  Capturing on wlan0
  3.929359 192.168.178.22 -> 66.102.11.104 HTTP GET / HTTP/1.1 
  4.104763 66.102.11.104 -> 192.168.178.22 HTTP HTTP/1.1 301 Moved Permanently  (text/html)
  4.118925 192.168.178.22 -> 66.102.11.104 HTTP GET / HTTP/1.1 
  4.295749 66.102.11.104 -> 192.168.178.22 HTTP HTTP/1.1 302 Found  (text/html)
  4.355713 192.168.178.22 -> 66.102.11.104 HTTP GET / HTTP/1.1 
  4.560568 66.102.11.104 -> 192.168.178.22 HTTP HTTP/1.1 200 OK  (text/html)
  4.588767 192.168.178.22 -> 66.102.11.104 HTTP GET /images/nav_logo40.png HTTP/1.1

You can also do tshark ... |tee packetlog so it goes both to the screen and to the file.

Or, alternatively, tshark -w stuff.pcap will write the raw packets into that file, which you can then copy to another machine and open within the wireshark gui, if you want to do more in-depth investigation.

tshark Install tshark is a good option.

An alternative is tcpdump Install tcpdump , which is a well-known predecessor. It's widely available on other platforms, so you might run into it even if you don't use it on your server.

Application with Output similar to the GUI output of "WireShark"

Related

Recent Posts