Menu
I want to capture the package on a specific port on any interface of my machine.
I know how to capture the package on a specific port with a specific interface. And the command is
tshark -f "udp port 162" -i bond0
And if no interface is specified, TShark searches the list of interfaces, choosing the first non-loopback interface if there are any non-loopback interfaces.
But I want to capture the package on all the interface of my machine. Could anyone help me on this?
Thanks a lot!
283
Capturing Network Traffic Using tshark The simplest way of capturing data is by running tshark without any parameters, which will display all data on screen. You can stop data capturing by pressing Ctrl-C. The output will scroll very fast on a busy network, so it won't be helpful at all.
Filtering by Port in Wireshark For example, if you want to filter port 80, type this into the filter bar: “ tcp. port == 80 .” What you can also do is type “ eq ” instead of “==”, since “eq” refers to “equal.” You can also filter multiple ports at once.
tshark -i ${interface} -L will show you the available DLTs for the interface. If you need to change the DLT, use tshark -i ${interface} -y ${DLT} . For wireless adapters, changing the DLT to PPI is the equivalent of -I (turning on monitor-mode).
tshark -f "udp port 162" -i any
works for me here on Linux(CentOS).
140
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
