Ross Jacobs


About Ross Jacobs

Capture Lifecycle with Tshark

Most Wireshark documentation focuses on the GUI. In its many forms, it spans 2 Wireshark guides, 2 Wireshark forums, manpages, developer email chains, the actual source code, etc. That is not to say the existing documentation is not good. You will probably find what you are looking for eventually. This guide provides unified and intuitive docs for working with packet captures on the CLI. The focus is on doing everything in the CLI because that is an interface your scripts and programs can use. Examples primarily use bash, with some examples in Python and Ruby. Programs such as Termshark and PyShark do novel things by leveraging tshark. You can too by using this guide!
