\documentclass[10pt,a4paper]{article} % Packages \usepackage{fancyhdr} % For header and footer \usepackage{multicol} % Allows multicols in tables \usepackage{tabularx} % Intelligent column widths \usepackage{tabulary} % Used in header and footer \usepackage{hhline} % Border under tables \usepackage{graphicx} % For images \usepackage{xcolor} % For hex colours %\usepackage[utf8x]{inputenc} % For unicode character support \usepackage[T1]{fontenc} % Without this we get weird character replacements \usepackage{colortbl} % For coloured tables \usepackage{setspace} % For line height \usepackage{lastpage} % Needed for total page number \usepackage{seqsplit} % Splits long words. %\usepackage{opensans} % Can't make this work so far. Shame. Would be lovely. \usepackage[normalem]{ulem} % For underlining links % Most of the following are not required for the majority % of cheat sheets but are needed for some symbol support. \usepackage{amsmath} % Symbols \usepackage{MnSymbol} % Symbols \usepackage{wasysym} % Symbols %\usepackage[english,german,french,spanish,italian]{babel} % Languages % Document Info \author{mbwalker} \pdfinfo{ /Title (tshark-wireshark-command-line.pdf) /Creator (Cheatography) /Author (mbwalker) /Subject (tshark - Wireshark Command Line Cheat Sheet) } % Lengths and widths \addtolength{\textwidth}{6cm} \addtolength{\textheight}{-1cm} \addtolength{\hoffset}{-3cm} \addtolength{\voffset}{-2cm} \setlength{\tabcolsep}{0.2cm} % Space between columns \setlength{\headsep}{-12pt} % Reduce space between header and content \setlength{\headheight}{85pt} % If less, LaTeX automatically increases it \renewcommand{\footrulewidth}{0pt} % Remove footer line \renewcommand{\headrulewidth}{0pt} % Remove header line \renewcommand{\seqinsert}{\ifmmode\allowbreak\else\-\fi} % Hyphens in seqsplit % This two commands together give roughly % the right line height in the tables \renewcommand{\arraystretch}{1.3} \onehalfspacing % Commands \newcommand{\SetRowColor}[1]{\noalign{\gdef\RowColorName{#1}}\rowcolor{\RowColorName}} % Shortcut for row colour \newcommand{\mymulticolumn}[3]{\multicolumn{#1}{>{\columncolor{\RowColorName}}#2}{#3}} % For coloured multi-cols \newcolumntype{x}[1]{>{\raggedright}p{#1}} % New column types for ragged-right paragraph columns \newcommand{\tn}{\tabularnewline} % Required as custom column type in use % Font and Colours \definecolor{HeadBackground}{HTML}{333333} \definecolor{FootBackground}{HTML}{666666} \definecolor{TextColor}{HTML}{333333} \definecolor{DarkBackground}{HTML}{1754A3} \definecolor{LightBackground}{HTML}{F0F4F9} \renewcommand{\familydefault}{\sfdefault} \color{TextColor} % Header and Footer \pagestyle{fancy} \fancyhead{} % Set header to blank \fancyfoot{} % Set footer to blank \fancyhead[L]{ \noindent \begin{multicols}{3} \begin{tabulary}{5.8cm}{C} \SetRowColor{DarkBackground} \vspace{-7pt} {\parbox{\dimexpr\textwidth-2\fboxsep\relax}{\noindent \hspace*{-6pt}\includegraphics[width=5.8cm]{/web/www.cheatography.com/public/images/cheatography_logo.pdf}} } \end{tabulary} \columnbreak \begin{tabulary}{11cm}{L} \vspace{-2pt}\large{\bf{\textcolor{DarkBackground}{\textrm{tshark - Wireshark Command Line Cheat Sheet}}}} \\ \normalsize{by \textcolor{DarkBackground}{mbwalker} via \textcolor{DarkBackground}{\uline{cheatography.com/26872/cs/7667/}}} \end{tabulary} \end{multicols}} \fancyfoot[L]{ \footnotesize \noindent \begin{multicols}{3} \begin{tabulary}{5.8cm}{LL} \SetRowColor{FootBackground} \mymulticolumn{2}{p{5.377cm}}{\bf\textcolor{white}{Cheatographer}} \\ \vspace{-2pt}mbwalker \\ \uline{cheatography.com/mbwalker} \\ \end{tabulary} \vfill \columnbreak \begin{tabulary}{5.8cm}{L} \SetRowColor{FootBackground} \mymulticolumn{1}{p{5.377cm}}{\bf\textcolor{white}{Cheat Sheet}} \\ \vspace{-2pt}Not Yet Published.\\ Updated 8th December, 2020.\\ Page {\thepage} of \pageref{LastPage}. \end{tabulary} \vfill \columnbreak \begin{tabulary}{5.8cm}{L} \SetRowColor{FootBackground} \mymulticolumn{1}{p{5.377cm}}{\bf\textcolor{white}{Sponsor}} \\ \SetRowColor{white} \vspace{-5pt} %\includegraphics[width=48px,height=48px]{dave.jpeg} Measure your website readability!\\ www.readability-score.com \end{tabulary} \end{multicols}} \begin{document} \raggedright \raggedcolumns % Set font size to small. Switch to any value % from this page to resize cheat sheet text: % www.emerson.emory.edu/services/latex/latex_169.html \footnotesize % Small font. \begin{multicols*}{2} \begin{tabularx}{8.4cm}{x{2.56 cm} x{5.44 cm} } \SetRowColor{DarkBackground} \mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{Capture interface options}} \tn % Row 0 \SetRowColor{LightBackground} -i \textless{}interface\textgreater{} & name or index of interface (defaults to 1st non-loopback) \tn % Row Count 3 (+ 3) % Row 1 \SetRowColor{white} -f \textless{}capture filter\textgreater{} & packet filter in libpcap filter syntax \tn % Row Count 5 (+ 2) % Row 2 \SetRowColor{LightBackground} -p & disable capturing in promiscuous mode \tn % Row Count 7 (+ 2) % Row 3 \SetRowColor{white} -B \textless{}buffer size\textgreater{} & size of kernel buffer (def. 2MB) \tn % Row Count 9 (+ 2) % Row 4 \SetRowColor{LightBackground} -y \textless{}link type\textgreater{} & link layer type (def. first appropriate) \tn % Row Count 11 (+ 2) % Row 5 \SetRowColor{white} -D & print list of interfaces and exit \tn % Row Count 13 (+ 2) % Row 6 \SetRowColor{LightBackground} -L & print list of link layer types and exit \tn % Row Count 15 (+ 2) \hhline{>{\arrayrulecolor{DarkBackground}}--} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{8.4cm}{x{2.96 cm} x{5.04 cm} } \SetRowColor{DarkBackground} \mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{Capture stop conditions}} \tn % Row 0 \SetRowColor{LightBackground} -c \textless{}packet count\textgreater{} & stop after n packets (def. infinite) \tn % Row Count 2 (+ 2) % Row 1 \SetRowColor{white} -a \textless{}autostop condition\textgreater{} & duration:\textless{}num\textgreater{} - stop after \textless{}num\textgreater{} seconds\{\{nl\}\}filesize:\textless{}num\textgreater{} - stop file after \textless{}num\textgreater{} KB \{\{nl\}\}files:\textless{}num\textgreater{} - stop after \textless{}num\textgreater{} files \tn % Row Count 8 (+ 6) \hhline{>{\arrayrulecolor{DarkBackground}}--} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{8.4cm}{x{2.56 cm} x{5.44 cm} } \SetRowColor{DarkBackground} \mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{Capture output}} \tn % Row 0 \SetRowColor{LightBackground} -b \textless{}ringbuffer opt\textgreater{} & {\bf{duration:\textless{}num\textgreater{}}} - switch to next file after \textless{}num\textgreater{} seconds\{\{nl\}\}{\bf{filesize:\textless{}num\textgreater{}}} - switch to next file after \textless{}num\textgreater{} KB\{\{nl\}\}{\bf{files:\textless{}num\textgreater{}}} - ringbuffer: replace after \textless{}num\textgreater{} files \tn % Row Count 7 (+ 7) \hhline{>{\arrayrulecolor{DarkBackground}}--} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{8.4cm}{x{4 cm} x{4 cm} } \SetRowColor{DarkBackground} \mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{Processing options}} \tn % Row 0 \SetRowColor{LightBackground} -2 & perform a two-pass analysis \tn % Row Count 2 (+ 2) % Row 1 \SetRowColor{white} -R \textless{}read filter\textgreater{} & packet read filter in Wireshark display filter syntax \tn % Row Count 5 (+ 3) % Row 2 \SetRowColor{LightBackground} -Y \textless{}display filter\textgreater{} & packet display filter in Wireshark display filter syntax \tn % Row Count 8 (+ 3) % Row 3 \SetRowColor{white} -n & disable all name resolutions \tn % Row Count 10 (+ 2) % Row 4 \SetRowColor{LightBackground} -N \textless{}name resolve flags\textgreater{} & enable specific name resolutions: "mnNtCd" \tn % Row Count 13 (+ 3) % Row 5 \SetRowColor{white} -d \textless{}layer type\textgreater{}==\textless{}selector\textgreater{},\textless{}decode\_as\_protocol\textgreater{} & decode as, see the \{\{link="https://www.wireshark.org/docs/man-pages/tshark.html"\}\}tshark man page\{\{/link\}\} for details \tn % Row Count 19 (+ 6) % Row 6 \SetRowColor{LightBackground} -H \textless{}hosts file\textgreater{} & read a list of entries from a hosts file which will then be written to a capture file (implies -W n) \tn % Row Count 24 (+ 5) % Row 7 \SetRowColor{white} -{}-disable-protocol \textless{}proto\_name\textgreater{} & disable dissection of \textless{}proto\_name\textgreater{} \tn % Row Count 26 (+ 2) % Row 8 \SetRowColor{LightBackground} -{}-enable-heuristic \textless{}short\_name\textgreater{} & enable dissection of heuristic protocol \tn % Row Count 28 (+ 2) % Row 9 \SetRowColor{white} -{}-disable-heuristic \textless{}short\_name\textgreater{} & disable dissection of heuristic protocol \tn % Row Count 30 (+ 2) \hhline{>{\arrayrulecolor{DarkBackground}}--} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{8.4cm}{x{2.4 cm} x{5.6 cm} } \SetRowColor{DarkBackground} \mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{Micellaneous options}} \tn % Row 0 \SetRowColor{LightBackground} -h & display help and exit \tn % Row Count 1 (+ 1) % Row 1 \SetRowColor{white} -v & dispaly version info and exit \tn % Row Count 3 (+ 2) % Row 2 \SetRowColor{LightBackground} -o \textless{}name\textgreater{}:\textless{}value\textgreater{} & override preference setting \tn % Row Count 5 (+ 2) % Row 3 \SetRowColor{white} -K \textless{}keytab\textgreater{} & keytab file to use for Kerberos decryption \tn % Row Count 7 (+ 2) % Row 4 \SetRowColor{LightBackground} -G \textless{}report\textgreater{} & dump one of several available reports and exit\{\{nl\}\}default report="fields"\{\{nl\}\} use -G ? for more help \tn % Row Count 11 (+ 4) \hhline{>{\arrayrulecolor{DarkBackground}}--} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{8.4cm}{x{3.04 cm} x{4.96 cm} } \SetRowColor{DarkBackground} \mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{RPCAP options}} \tn % Row 0 \SetRowColor{LightBackground} -A \textless{}user\textgreater{}:\textless{}password\textgreater{} & use RPCAP password authentication \tn % Row Count 2 (+ 2) % Row 1 \SetRowColor{white} \mymulticolumn{2}{x{8.4cm}}{} \tn % Row Count 2 (+ 0) \hhline{>{\arrayrulecolor{DarkBackground}}--} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{8.4cm}{x{1.76 cm} x{6.24 cm} } \SetRowColor{DarkBackground} \mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{Input file options}} \tn % Row 0 \SetRowColor{LightBackground} -r \textless{}infile\textgreater{} & set the filename to read from (- to read from stdin) \tn % Row Count 2 (+ 2) % Row 1 \SetRowColor{white} \mymulticolumn{2}{x{8.4cm}}{} \tn % Row Count 2 (+ 0) \hhline{>{\arrayrulecolor{DarkBackground}}--} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{8.4cm}{x{3.2 cm} x{4.8 cm} } \SetRowColor{DarkBackground} \mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{Output file options}} \tn % Row 0 \SetRowColor{LightBackground} -w \textless{}outfile|-\textgreater{} & write packets to a pcap-format file named "outfile" (or to stadard output file for -) \tn % Row Count 4 (+ 4) % Row 1 \SetRowColor{white} -C \textless{}config profile\textgreater{} & start with specified configuration profile \tn % Row Count 6 (+ 2) % Row 2 \SetRowColor{LightBackground} -F \textless{}output file type\textgreater{} & set the output file type (def. is pcapng)\{\{nl\}\} an empty -F option will list the file types \tn % Row Count 10 (+ 4) % Row 3 \SetRowColor{white} -V & add output of packet tree (Packet Details) \tn % Row Count 12 (+ 2) % Row 4 \SetRowColor{LightBackground} -O \textless{}protocols\textgreater{} & only show packet details of these protocols (comma separated) \tn % Row Count 15 (+ 3) % Row 5 \SetRowColor{white} -P & print packet summary even while writing to file \tn % Row Count 17 (+ 2) % Row 6 \SetRowColor{LightBackground} -S \textless{}separator\textgreater{} & the line separator to print between packets \tn % Row Count 19 (+ 2) % Row 7 \SetRowColor{white} -x & add output of hex and ASCII dump (Packet Bytes) \tn % Row Count 21 (+ 2) % Row 8 \SetRowColor{LightBackground} -T \seqsplit{pdml|ps|psml|text|fields} & format of text output (def: text \tn % Row Count 23 (+ 2) % Row 9 \SetRowColor{white} -e \textless{}field\textgreater{} & field to print if -Tfields selected (tcp.port, ws.col.info)\{\{nl\}\}this option can be repeated to print multiple fields \tn % Row Count 28 (+ 5) % Row 10 \SetRowColor{LightBackground} -E \textless{}fieldsoption\textgreater{}=\textless{}value\textgreater{} & set options for output when -Tfields selected:\{\{nl\}\}{\bf{header=y|n}} - switch headers on and off\{\{nl\}\}{\bf{separator=/t|/s|\textless{}char\textgreater{}}} - select tab, space, printable character as separator\{\{nl\}\}{\bf{occurence=f|L|a}} - print first, last or all occurences of each field\{\{nl\}\}{\bf{aggregator=,|/s|/\textless{}char\textgreater{}}} - select comma, space, printable character as aggregator\{\{nl\}\}{\bf{quote=d|s|n}} - select double, single or no quotes for values \tn % Row Count 46 (+ 18) \end{tabularx} \par\addvspace{1.3em} \vfill \columnbreak \begin{tabularx}{8.4cm}{x{3.2 cm} x{4.8 cm} } \SetRowColor{DarkBackground} \mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{Output file options (cont)}} \tn % Row 11 \SetRowColor{LightBackground} -t \seqsplit{a|ad|d|dd|e|r|u|ud} & output format of timestamps (def: r rel. to first) \tn % Row Count 3 (+ 3) % Row 12 \SetRowColor{white} -u s|hms| & output format of seconds (def: s - seconds) \tn % Row Count 5 (+ 2) % Row 13 \SetRowColor{LightBackground} -l & flush standard output after each packet \tn % Row Count 7 (+ 2) % Row 14 \SetRowColor{white} -q & be more quiet on stdout (when using statistics) \tn % Row Count 9 (+ 2) % Row 15 \SetRowColor{LightBackground} -Q & only log true errors to stderr (quieter that -q) \tn % Row Count 11 (+ 2) % Row 16 \SetRowColor{white} -g & enable group read access on the output file(s) \tn % Row Count 13 (+ 2) % Row 17 \SetRowColor{LightBackground} -W n & save extra info in the file, if supported\{\{nl\}\}n= write network address resolution info \tn % Row Count 17 (+ 4) % Row 18 \SetRowColor{white} -X \textless{}key\textgreater{}:\textless{}value\textgreater{} & eXtension options, see \{\{link="https://www.wireshark.org/docs/man-pages/tshark.html"\}\}tshark man page \{\{/link\}\} for details \tn % Row Count 23 (+ 6) % Row 19 \SetRowColor{LightBackground} -z \textless{}statistics\textgreater{} & various statistics, see \{\{link="https://www.wireshark.org/docs/man-pages/tshark.html"\}\}tshark man page\{\{/link\}\} for details \tn % Row Count 29 (+ 6) % Row 20 \SetRowColor{white} -{}-capture-comment \textless{}comment\textgreater{} & add a capture comment to the newly created output file ({\bf{only for pcapng format}}) \tn % Row Count 33 (+ 4) \end{tabularx} \par\addvspace{1.3em} \vfill \columnbreak \begin{tabularx}{8.4cm}{x{3.2 cm} x{4.8 cm} } \SetRowColor{DarkBackground} \mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{Output file options (cont)}} \tn % Row 21 \SetRowColor{LightBackground} \mymulticolumn{2}{x{8.4cm}}{} \tn % Row Count 0 (+ 0) \hhline{>{\arrayrulecolor{DarkBackground}}--} \end{tabularx} \par\addvspace{1.3em} % That's all folks \end{multicols*} \end{document}