Capture Lifecycle with Tshark



tshark.dev is your complete guide to working with packet captures on the command line. The focus is on doing everything in the CLI because that is an interface your scripts and programs can use. Bash features prominently here, with some examples also in Python and Ruby. Programs such as Termshark and PyShark do novel things by leveraging tshark. You can too by using this guide!

For the uninitiated, tshark is the CLI component of Wireshark, and both help you troubleshoot network problems. If you do not have Wireshark installed and configured, go to Start Here first. Use the minimap or sidebar to find what you need.

This is a living, breathing guide. Contributions and suggestions are welcome!

How Is This Different from Wireshark Docs?

Most Wireshark documentation focuses on the GUI. In its many forms, it spans two Wireshark guides, multiple forums, a wiki, man pages, developer email chains, etc. That is not to say the existing documentation is not good. You will find what you are looking for eventually.

Being outside of the Wireshark project allows this website to cover topics that are external to it. Depending on the article, this can range from scripting with bash to example usage of other programs. Tshark.dev and Wireshark docs are related but differ in their scopes.
