tshark – useful tshark invocations

Here are a few useful ‘tshark’ (command-line wireshark) invocations:

  1. Show all traffic with a source or destination that is not on the LAN (non-RFC-1918) or multicast (224.0.0.0/4):

    tshark -n ‘not (src net (10 or 172.16/12 or 192.168/16 or 224.0/4) and dst net (10 or 172.16/12 or 192.168/16 or 224.0/4))’

  2. more to come. 🙂
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s