Wireshark-users: Re: [Wireshark-users] New to Wireshark Application

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Thu, 29 May 2014 13:04:43 -0700
On May 29, 2014, at 6:39 AM, Kaushal Shriyan <kaushalshriyan@xxxxxxxxx> wrote:

> Thanks for the reply. Help me understand, so i use tcpdump to do a packet trace and then use Wireshark to decode it?

Yes, you can do that, if the decoding that tcpdump does isn't sufficient.

> Can i use Wireshark to do pcap traces?

I.e., can you use Wireshark to capture traffic, as well as to analyze it?

Yes, you can.

> And also I am not sure what is tshark?

It's a command-line protocol analyzer, in the same sense that tcpdump and Sun's snoop are.  It can:

	capture traffic and print a dissected version of the packets, as tcpdump and snoop can;

	capture traffic and save it to a file, as tcpdump and snoop can;

	do both at the same time.

It's a companion program to Wireshark, using the same dissectors, so it can produce a Wireshark-like dissection.