How to use Tshark - the brother of Wireshark

Hello everyone~~

This is IRISnoir from Hackingarise. Bringing to you a tutorial. Let’s get started.

Now, this tutorial’s gonna show you about the usage of Tshark

Now, a little description: Tshark is the brother of Wireshark. But, Tshark is only compatible on terminal mode while Wireshark can only be used in VNC mode (called wireshark-gtk).

Now, Tshark’s installation:
It is located at the root-repo so make sure you have it subscribed with:
$ pkg install root-repo
If done, you can install it with:
$ pkg install tshark

Because Tshark’s in the root-repo, it means it has something to do with rooting your device. So go and root your device if you expect this tool to be helpful.

Now, using it casually without root will just make it turn into a Random packet generator. It means it will generate 1000 packets for your eyes to enjoy. No actual reconnaissance.

But using root will give it an entire different sensation. What you need is a connected Wifi. Then do this:
tsudo tshark -i wlan0 --color
-i will let you specify interface. But we want to sniff the wifi, we use wlan0
--color will make it rainbow colorful like the wireshark so you can distinguish traffic better.

Upon activation, you will get to see the whole traffic of the wifi. Pretty exciting to see and monitor everyone’s action. Makes you the (kinda) boss and if you are nice, you can monitor and watch for hackers like a fellow security.

If you find anything incriminating like ARP requests flooding, DoS/DDoS attempt then you need to report or do something to be safe or protect users in the network.

You can watch the help page, man page to see what you can do. Like increasing verbosity.

I hope that this tutorial will help you. We do NOT encourage you to do malicious acts on innocent people. Hackingarise is NOT responsible for your acts. Thank you very much for reading.