Most of the captures you look at will be ones you captured yourself. Also see https://wiki.wireshark.org/CaptureSetup.

This tshark command combines multiple elements that may be relevant to your capture (eventually all of these will be links):

| Cmd | Read From | Limit Filesize | Change Capture | Output Format |
|---|---|---|---|---|
| tshark | Interface | -f Capture Filter | Name resolving flags | -w Capture |
| | File | -Y Display Filters | Comments | -x Hexdump |
| | Pipe | Disable Protocols | -K Decrypt with Keytab | -T Data Formats |
| | | Disable Heuristics | -X Lua Scripting | Text Report |
| | | -O Protocols | | Export Files |
| | | -a Stop Condition | | |
| | | -b Ring Buffers | | |

How you get the packets
Read the file while it's downloading
Build your own interface
Capture from a remote machine
Packet Headwaters
Default interfaces on Windows, macOS, Linux, and FreeBSD