Re: New to Wireshark Application

[Guy Harris <guy () alum mit edu>]

On May 29, 2014, at 6:39 AM, Kaushal Shriyan <kaushalshriyan () gmail com> wrote:

> Thanks for the reply. Help me understand, so i use tcpdump to do a packet trace and then use Wireshark to decode it?

Yes, you can do that, if the decoding that tcpdump does isn't sufficient.

> Can i use Wireshark to do pcap traces?

I.e., can you use Wireshark to capture traffic, as well as to analyze it?

Yes, you can.

> And also I am not sure what is tshark?

It's a command-line protocol analyzer, in the same sense that tcpdump and Sun's snoop are.  It can:

        capture traffic and print a dissected version of the packets, as tcpdump and snoop can;

        capture traffic and save it to a file, as tcpdump and snoop can;

        do both at the same time.

It's a companion program to Wireshark, using the same dissectors, so it can produce a Wireshark-like dissection.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe