Wireshark ships with several command-line tools that complement its basic functionality and let you perform tasks such as editing, splitting, and manipulating packet captures. The following table lists some of the tools available. All of the CLI tools are included with Wireshark; however, they can also be used on their own as lightweight tools for working with packet captures:

| Tool | Function |
| --- | --- |
| dumpcap | A program used to capture network traffic |
| editcap | Can edit and subset capture files |
| capinfos | Provides basic statistics on the capture file |
| mergecap | Can merge multiple capture files into one |
| text2pcap | Converts an ASCII (short for American Standard Code for Information Interchange) hexdump of packets into a capture file |
| tshark | A lightweight command-line equivalent of Wireshark |

As you can see, there are many command-line tools for capturing and working with network traffic. Let's take a look at tshark, which is a great alternative to use when you need to conserve resources.