From 0428b0379af8a49468a970aa0728a3cf093f486d Mon Sep 17 00:00:00 2001 From: Tigran Tch Date: Thu, 7 Feb 2019 15:27:17 +0100 Subject: [PATCH] tshark: add page (#2758) --- pages/linux/tshark.md | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 pages/linux/tshark.md diff --git a/pages/linux/tshark.md b/pages/linux/tshark.md new file mode 100644 index 0000000000..72ef54c3bc --- /dev/null +++ b/pages/linux/tshark.md @@ -0,0 +1,31 @@ +# tshark + +> Packet analysis tool, CLI version of wireshark. + +- Monitor everything on localhost: + +`tshark` + +- Only output captured packets matching a specific wireshark filter: + +`tshark -Y '{{http.request.method == "GET"}}'` + +- Decode a TCP port using a specific protocol (e.g. HTTP): + +`tshark -d tcp.port=={{8888}},{{http}}` + +- Specify the format of captured output: + +`tshark -T {{json|text|ps|…}}` + +- Select specific fields to output: + +`tshark -T {{fields|ek|json|pdml}} -e {{http.request.method}} -e {{ip.src}}` + +- Write captured packet to a file: + +`tshark -w {{path/to/file}}` + +- Analyze packets from a file: + +`tshark -r {{file_name}}.pcap`
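Review bot: The first example's description, "Monitor everything on localhost", does not match what a bare `tshark` does. With no `-i` option it captures on the first non-loopback interface it finds and falls back to loopback only when no other interface exists, so a reader following this line will usually not be looking at localhost traffic. Suggest rewording it to something like "Capture packets on the default interface", or making the interface explicit with `tshark -i {{eth0}}`. Smaller points in the same hunk: the `-Y` example should say "display filter" rather than "wireshark filter", since capture filters (`-f`) use a different syntax. The last two examples use different placeholders for a file (`{{path/to/file}}` and `{{file_name}}.pcap`) and should share one style. "Write captured packet to a file" should read "packets".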