How to run Wireshark in the background without the GUI?

Solution 1:

As initially seen here:

As far as I remember TShark comes with all distributions of Wireshark. This runs from the command line. The documentation for it is here: http://www.wireshark.org/docs/man-pages/tshark.html

And there are some examples on how to use it here: http://www.codealias.info/technotes/the_tshark_capture_and_filter_example_page

— David Hewitt

Solution 2:

There is also a complete alternative in the form of tcpdump, which comes by default on many OS X installs. The syntax is different, but it's command-line only, and is invaluable in a smaller/command line only environment.

It must be run as root, otherwise under sudo.

Solution 3:

As @VxJasonxV said, you can use TCPDump, and if you don't want the output shown on the terminal you can use >> filename to have TCPDump save the result to your desired file.

You can use TCPDump with many options, but I think this was the best one:

tcpdump -n -v -S -i en1 tcp

en1: the interface that you assigned an IPv4 address to

-v: produce (slightly more) verbose output

-S: Print absolute, rather than relative, TCP sequence numbers.

-n: Don't convert addresses (i.e., host addresses, port numbers, etc.) to names.

-i: Listen on interface.

But this saves output that is not readable by humans. If you want to process output that is readable by humans, you must use tshark:

The command that you must use is something like this:

# file_name is the capture file produced by tcpdump; -Y is the display-filter option in current tshark (older releases used -R)
tshark -r ~/home/myHome/Desktop/file_name -Y "ip.src==172.16.13.128" -T fields -e frame.number -e frame.time -e ip.id -e tcp.window_size -e tcp.analysis.ack_rtt -E header=y > ~/home/myHome/Desktop/file_name.txt
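
The whole workflow from the answers above (capture in the background with tcpdump, export fields with tshark, then filter the text) as an added example that is not part of any of the original answers. The function names, the sample rows and the 0.1 s threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names, sample rows and the threshold are assumptions.

# Start tcpdump detached from the terminal (run as root). -w writes binary
# pcap instead of text; -U flushes per packet so the file is readable live.
start_capture() {   # usage: pid=$(start_capture en1 /tmp/cap.pcap)
    nohup tcpdump -n -U -i "$1" -w "$2" tcp >/dev/null 2>&1 &
    echo $!         # stop later with: kill "$pid"
}

# Export the columns used in Solution 3 as tab-separated text with a header.
# -Y is the display-filter option in current tshark releases.
export_fields() {   # usage: export_fields /tmp/cap.pcap 172.16.13.128
    tshark -r "$1" -Y "ip.src==$2" -T fields \
        -e frame.number -e frame.time -e ip.id \
        -e tcp.window_size -e tcp.analysis.ack_rtt -E header=y
}

# Read that export on stdin and print "frame rtt" for ACKs slower than $1
# seconds. Splitting on tabs keeps frame.time (which contains spaces) intact;
# rows with an empty ack_rtt column are skipped.
slow_acks() {
    awk -F '\t' -v limit="$1" \
        'NR > 1 && $5 != "" && $5 + 0 > limit + 0 { print $1, $5 }'
}

# Constructed sample of export_fields output, so this runs without a capture.
sample_export() {
    printf 'frame.number\tframe.time\tip.id\ttcp.window_size\ttcp.analysis.ack_rtt\n'
    printf '1\tJan  5, 2024 10:00:00.000000000 UTC\t0x1a2b\t65535\t\n'
    printf '2\tJan  5, 2024 10:00:00.050000000 UTC\t0x1a2c\t65535\t0.000120000\n'
    printf '3\tJan  5, 2024 10:00:01.300000000 UTC\t0x1a2d\t4096\t0.250000000\n'
}

sample_export | slow_acks 0.1
```

On a real capture the last line becomes `export_fields /tmp/cap.pcap 172.16.13.128 | slow_acks 0.1`, run after `start_capture` has written some packets.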