When paired with wc -l, we can quickly identify how many packets are in a capture. This will display a summary line of each packet similar to tcpdump output and is useful to identify high-level information about the capture. To read a file with TShark, we will use the -r switch.
This task uses the dns.cap capture file on the Wireshark SampleCaptures wiki page. #1 Mark Complete once installed/verifiedĪnswer: No answer Needed TASK 2: Reading PCAP Files Try running tshark -h to get the help output to make sure we can access the program properly. The tshark program is also available in a Windows installation as tshark.exe in the Wireshark install directory. If it’s not installed, sudo apt install tshark will do the trick. In my output above, we can see that it is installed.
0 kommentar(er)
