TShark: The Basics

To access material, start machines and answer questions login.

TShark is an open-source command-line network traffic analyser. It is created by the Wireshark developers and has most of the features of Wireshark. It is commonly used as a command-line version of Wireshark. However, it can also be used like tcpdump. Therefore it is preferred for comprehensive packet assessments.

Learning Objectives

Filtering the traffic with TShark
Implementing Wireshark filters in TShark
Expanding and automating packet filtering with TShark

We have prepared a with TShark and the necessary files. You can start the machine by pressing the green Start Machine button attached to this task. The machine will start in split view. In case it is not opening the split view, you can press the blue Show Split View button at the top of the page.

We suggest completing the Network Fundamentals and Wireshark modules before starting this room.

Answer the questions below

Read the task above and start the attached VM.

Ready to learn Cyber Security?

The TShark: The Basics room is only available for premium users. Signup now to access more than 500 free rooms and learn cyber security through a fun, interactive learning environment.

Already have an account? Log in

TShark: The Basics

Task 1IntroductionTask includes a deployable machine

Task 2Command-Line Packet Analysis Hints | TShark and Supplemental CLI ToolsPremium

Task 3TShark Fundamentals I | Main Parameters IPremium

Task 4TShark Fundamentals I | Main Parameters IIPremium

Task 5TShark Fundamentals II | Capture ConditionsPremium

Task 6TShark Fundamentals III | Packet Filtering Options: Capture vs. Display FiltersPremium

Task 7TShark Fundamentals IV | Packet Filtering Options: Capture FiltersPremium

Task 8TShark Fundamentals V | Packet Filtering Options: Display FiltersPremium

Task 9ConclusionPremium

Ready to learn Cyber Security?