TShark is a command line tool that enables to analyze the network traffic. It allows to capture packets from a network and print them to the standard output. TShark is a command line version of Wireshark that can be used when graphical user interface isn't available.
This tutorial explains how to install TShark on Raspberry Pi.
Use SSH to connect to Raspberry Pi. Update the package lists and install TShark by using these commands:
sudo apt update
sudo apt install -y tsharkDuring installation you will be asked if you want to allow non-root users to able to capture packets. Select the "Yes" option. It will add wireshark group and anyone who is a member of this group will be able to capture packets without being root user.
Add current user to a wireshark group:
sudo usermod -a -G wireshark $USERTo make changes to take effect, logout and login to Raspberry Pi. After you're reconnected, check TShark version:
tshark --versionTo start capturing packets on default network interface with TShark, simply execute this command:
tsharkTo identify which network interfaces are available to the TShark, run the following command:
tshark -DWe can use -i option to capture packets on specific network interface.
tshark -i wlan0If TShark is no longer needed and you want to completely remove it, run this command:
sudo apt purge --autoremove -y tshark
Leave a Comment
Cancel reply