Sniffer

Tshark

Tshark Basic Commands

tbd

Capture DNS on wg0 Interface, v4 & v6

tshark -nn -i wg0 -e ip.src -e ip6.src -e dns.qry.name -E separator=";" -T fields port 53

Ringbuffer

Capture Files, Rotate every 10MB, keep last 25 files

doas tshark -n -i em0 -w sniff -b filesize:10000 -b files:25

Ringbuffer with Autostop -> Time

Capture Files, Rotate every 10MB, keep last 25 files, Stop after 1h

doas tshark -n -i em0 -w sniff -b filesize:10000 -b files:25 -a duration:3600

Ringbuffer with Autostop -> Packets

Capture Files, Rotate every 10MB, keep last 25 files, Stop after 100000 Packets