Using Wireshark Command Line Tools

by Betty DuBois

Certain tasks are always faster and more flexible at the command line, while some can only be performed there. Wireshark is no different. You will learn how to use Wireshark command line tools such as tshark, dumpcap, editcap, and mergecap.

What you'll learn

Packets are often referred to as the ultimate source of computer network truth. Security Engineers need them to examine and manage security threats or breaches quickly. Network Engineers demand them to get to the root cause of an issue before the user experience is affected. Software Engineers require them to measure response times across variable-speed networks so they can adjust timers within the code. In this course, Using Wireshark Command Line Tools, you'll learn to use tshark, dumpcap, editcap, and mergecap to capture, filter, convert, and analyze the packets flying across the network. First, you'll explore configuring a Windows machine so that the Wireshark CLI tools are in its PATH, determining which tool is best suited to capture packets in a given scenario, differentiating between capture and display filters, and working through examples of filter syntax. Next, you'll combine hundreds of pcap files into a single file and extract only the packets needed to respond to a trouble ticket or log event. Finally, you'll learn how to analyze the packets using statistics, including how to locate the top TCP conversation or IPv4 talker and how to identify network congestion or a security threat. When you're finished with this course, you'll have the skills and knowledge of the Wireshark command line tools needed to capture and filter packets, and also to convert and analyze packet capture files (pcaps).

About the author

Betty DuBois is a packet detective. She has been solving customer mysteries since 1997. She shares her passion by presenting at SharkFest and by being active in the Wireshark community.