Wireshark on the command line
https://www.wireshark.org/docs/man-pages/tshark.html
http://www.cafewebmaster.com/packet-sniffing-and-monitoring-tshark-wireshark
http://www.commandlinefu.com/commands/tagged/1043/tshark
http://blog.nicolargo.com/2010/03/tshark-lautre-tcpdump.html
Some examples:
# In tshark 1.10 and later, -R requires -2 (two-pass); use -Y for a single-pass display filter.
tshark -d tcp.port==80,http -T text -x
tshark -R "ip.addr == 192.168.1.25 && http.request.method==GET"
tshark -R "http.request.method==GET"
tshark -R "smtp"
# sniff
tshark -S
tshark tcp port 80 or tcp port 443 -V -R "http.response"
# HTML content
tshark tcp port 80 or tcp port 443 -V -R "http.request || http.response"
tshark tcp port 465 -V
tshark tcp port 465 -V -R "pop.request || pop.response"
tshark -R 'pop.request.parameter contains "user"'
tshark tcp port 465 -V -R 'smtp.rsp.parameter contains "Sender"'
tshark -f "port 25" -R 'smtp.rsp.parameter contains "Sender"'