Let's continue our Intro to Wireshark course with lesson 3: learn how to capture traffic from the command line with dumpcap. In high-throughput environments, or for those who like to use tools from the command line, this is a great way to bring in traffic for later analysis.
We will learn how to select an interface, save the pcap, and store traffic in a ring buffer.
Temporary path command on macOS: PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Applications/Wireshark.app/Contents/MacOS
Permanent addition to shell path on macOS:
https://wpbeaches.com/how-to-add-to-the-shell-path-in-macos-using-terminal/
Permanent path entry on Windows 10:
https://helpdeskgeek.com/windows-10/add-windows-path-environment-variable/
More info on dumpcap options:
https://www.wireshark.org/docs/man-pages/dumpcap.html
Chapters in video:
0:00 Intro
0:58 Adding Command Line tools to Path
4:30 Capturing traffic with dumpcap
6:25 Writing traffic to a file
7:12 Writing traffic to a ring buffer
10:27 Why use the command line instead of Wireshark GUI?