Wireshark can be used without the graphical user interface from a terminal with the TShark command.
Open a Windows terminal with administrator rights. Run the tshark -D command. This command lists the network interfaces on the computer, each with its number.
Run the tshark -i # command, replacing the # with the number of the interface to capture on.
TShark acts like Wireshark, printing the traffic it captures to the terminal. Use Ctrl-C to stop the capture.
To capture the Wireshark trace to a file, use tshark -i # -w filename.
When writing to a file, TShark will not print the packets being captured to the terminal, but it will count them as it captures them. Use the File -> Open option in Wireshark to open the capture file later.
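The steps above combined into one PowerShell script, as an added example that is not part of the original article: it looks up the interface number from the tshark -D listing by its friendly name instead of typing it by hand, then captures to a timestamped file and stops on its own. It assumes tshark is on the PATH; the parameter names, the default interface name "Ethernet", the 60-second duration and the output folder are illustrative choices.

```powershell
# Added example (not from the original article). Run from an elevated PowerShell prompt.
param(
    [string]$InterfaceName = 'Ethernet',  # assumption: friendly name shown in parentheses by tshark -D
    [int]$Seconds = 60,                   # assumption: how long to capture before stopping
    [string]$OutDir = $env:TEMP           # assumption: folder for the capture file
)

# Parse lines of the form (constructed sample):
#   1. \Device\NPF_{00000000-0000-0000-0000-000000000000} (Ethernet)
function ConvertFrom-TsharkInterfaceList {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -match '^(\d+)\.\s+(\S+)(?:\s+\((.+)\))?\s*$') {
            [pscustomobject]@{
                Number = [int]$Matches[1]   # value to pass to -i
                Device = $Matches[2]        # device path reported by the capture driver
                Name   = $Matches[3]        # friendly name, $null if none is listed
            }
        }
    }
}

# Step 1: list the interfaces (tshark -D) and find the requested one.
$interfaces = @(ConvertFrom-TsharkInterfaceList -Lines (& tshark -D 2>$null))
$target = $interfaces | Where-Object { $_.Name -eq $InterfaceName } | Select-Object -First 1
if (-not $target) {
    $interfaces | Format-Table -AutoSize | Out-String | Write-Host
    throw "No interface named '$InterfaceName'. Choose a name from the list above."
}

# Step 2: capture on that interface to a file (-w); -a duration:N stops after N seconds,
# so no Ctrl-C is needed.
$file = Join-Path $OutDir ('capture-{0:yyyyMMdd-HHmmss}.pcapng' -f (Get-Date))
& tshark -i $target.Number -a "duration:$Seconds" -w $file
if ($LASTEXITCODE -ne 0) { throw "tshark exited with code $LASTEXITCODE" }

Write-Host "Saved capture to $file (open it in Wireshark with File -> Open)"
```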