Wireshark

• User Guide

Analyse .pcap file:

...

tshark

• Website & Docs

Capture and display filters

From Docs: Capture Filters:

Capture filters are based on BPF syntax, which tcpdump also uses. As libpcap parses this syntax, many networking programs require it.

• Berkeley Packet Filter (BPF) syntax Filter by network range IPs (either src or dst):

tshark -i cni0 ip net 1.2.3.0/24 or ip net 5.6.7.0/24

Output formatting

Output only source IP and ports:

tshark -i wlp0s20f3 -T fields -e ip.src -e tcp.port