On May 29, 2014, at 6:39 AM, Kaushal Shriyan <kaushalshriyan@xxxxxxxxx> wrote:
> Thanks for the reply. Help me understand, so I use tcpdump to do a packet trace and then use Wireshark to decode it?
Yes, you can do that, if the decoding that tcpdump does isn't sufficient.
> Can I use Wireshark to do pcap traces?
I.e., can you use Wireshark to capture traffic, as well as to analyze it?
Yes, you can.
> And also I am not sure what is tshark?
It's a command-line protocol analyzer, in the same sense that tcpdump and Sun's snoop are. It can:
capture traffic and print a dissected version of the packets, as tcpdump and snoop can;
capture traffic and save it to a file, as tcpdump and snoop can;
do both at the same time.
It's a companion program to Wireshark, using the same dissectors, so it can produce a Wireshark-like dissection.
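The workflow discussed above (capture with tcpdump or tshark, decode later with Wireshark or tshark) hinges on the libpcap file format that all three tools share. The following Python is an added example, not code from the thread or from the Wireshark project: it writes a small pcap file by hand, reads it back, and runs a minimal Ethernet/IPv4/UDP dissector over it. The frame contents (MACs, 10.0.0.x addresses, ports 40000 and 53, the "hello" payload) are constructed for the example, and the output file name example.pcap is arbitrary.

```python
"""Write a libpcap capture file by hand and read it back with a tiny dissector.

Added example, not from the mailing-list thread. The packet is constructed for
the example: MACs, addresses, ports and payload are arbitrary. The layout is the
classic libpcap format that tcpdump -w, tshark -w and Wireshark all write and
read (not the newer pcapng format, which starts with a different magic number).
"""
import struct

LINKTYPE_ETHERNET = 1          # link-layer type value for Ethernet frames
PCAP_MAGIC_USEC = 0xA1B2C3D4   # classic pcap magic, microsecond timestamps


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement sum; evaluates to 0 over a valid IPv4 header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_udp_frame(src_ip, dst_ip, src_port, dst_port, payload):
    """Ethernet/IPv4/UDP frame. The UDP checksum is left 0 (optional over IPv4)."""
    udp = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(udp), 0x1234, 0x4000, 64, 17, 0,   # ver/ihl .. proto, csum=0
        bytes(int(o) for o in src_ip.split(".")),
        bytes(int(o) for o in dst_ip.split(".")),
    )
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ipv4_checksum(ip_hdr)) + ip_hdr[12:]
    eth_hdr = bytes.fromhex("020000000001" "020000000002" "0800")  # dst, src, IPv4
    return eth_hdr + ip_hdr + udp


def write_pcap(frames, first_ts=1401360000):
    """Serialize frames as a little-endian pcap: 24-byte global header, then a
    16-byte record header (ts_sec, ts_usec, incl_len, orig_len) before each frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", first_ts + i, 0, len(frame), len(frame)) + frame
    return out


def read_pcap(data):
    """Return (linktype, [(timestamp, frame_bytes), ...]); accepts either byte order."""
    if data[:4] == struct.pack("<I", PCAP_MAGIC_USEC):
        bo = "<"
    elif data[:4] == struct.pack(">I", PCAP_MAGIC_USEC):
        bo = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng or nanosecond pcap?)")
    _, major, minor, _tz, _sig, _snaplen, linktype = struct.unpack(bo + "IHHiIII", data[:24])
    if (major, minor) != (2, 4):
        raise ValueError("unexpected pcap version %d.%d" % (major, minor))
    records, off = [], 24
    while off < len(data):
        if len(data) - off < 16:
            raise ValueError("truncated record header at offset %d" % off)
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(bo + "IIII", data[off:off + 16])
        off += 16
        if off + incl_len > len(data):
            raise ValueError("truncated record at offset %d" % off)
        records.append((ts_sec + ts_usec / 1e6, data[off:off + incl_len]))
        off += incl_len
    return linktype, records


def dissect(frame):
    """Minimal dissector for Ethernet -> IPv4 -> UDP. Anything else is reported
    by ethertype / IP protocol number only; the IPv4 header checksum is verified."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    info = {"ethertype": ethertype}
    if ethertype != 0x0800:
        return info
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    info.update(
        src=".".join(str(b) for b in ip[12:16]),
        dst=".".join(str(b) for b in ip[16:20]),
        ttl=ip[8],
        proto=ip[9],
        ip_checksum_ok=(ipv4_checksum(ip[:ihl]) == 0),
    )
    if info["proto"] == 17:
        sport, dport, ulen, _csum = struct.unpack("!HHHH", ip[ihl:ihl + 8])
        info.update(sport=sport, dport=dport, payload=ip[ihl + 8:ihl + ulen])
    return info


if __name__ == "__main__":
    frame = build_udp_frame("10.0.0.1", "10.0.0.2", 40000, 53, b"hello")
    with open("example.pcap", "wb") as f:          # file name is arbitrary
        f.write(write_pcap([frame]))
    with open("example.pcap", "rb") as f:
        _, records = read_pcap(f.read())
    for ts, fr in records:
        print(ts, dissect(fr))
```

The example.pcap this writes can be opened in Wireshark or read with `tshark -r example.pcap`, which is the useful check: the hand-written dissector above only understands one protocol stack and exists to show what is in the file, whereas tshark brings Wireshark's full set of dissectors to the same bytes.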