tshark is the command-line version of Wireshark. It ships with Wireshark (on Linux and other platforms) and uses the same dissectors and display-filter syntax, so anything Wireshark can decode, tshark can decode in a terminal.
Sometimes we want to see the decoded details of a protocol (the HTTP request line and headers, the SQL text of a MySQL query), not just packet headers. With tcpdump we would have to write the capture to a pcap file, copy it to a workstation and open it in Wireshark.
tshark lets us do the dissection on the server itself, streaming the decoded fields as packets arrive.
On Debian/Ubuntu: apt install tshark
On CentOS there is no separate tshark package; installing Wireshark pulls in the tshark binary: yum install wireshark
Capture HTTP request details on port 80
tshark -s 1024 -i any -f 'tcp port 80' -V -Y 'http.request' -l
-s 1024 is the snaplen (bytes kept per packet), -i any listens on all interfaces, -f is the BPF capture filter applied by the kernel, -V prints the full protocol tree instead of a one-line summary, -Y is the display filter (only packets that dissect as an HTTP request), and -l flushes output after every packet so it can be piped into grep or tail -f without buffering. Caveats: a snaplen of 1024 cuts off larger request bodies, so raise it if you need them, and this only works for cleartext HTTP; TLS traffic on 443 is not dissected without the session keys.
Capture MySQL queries
tshark -s 65535 -i any -f 'tcp port 3306' -Y 'mysql.query' -T fields -e mysql.query -l
-T fields -e mysql.query prints only the SQL text, one query per line; -V is pointless in this mode (it only affects the default text output) and is dropped. The snaplen must be large enough to hold the whole query, otherwise the MySQL dissector sees a truncated packet and long statements are cut off or not matched at all, which is why 512 is replaced with the full 65535 here. Only cleartext MySQL sessions are decoded; connections using TLS show no mysql.query. Queries can carry credentials and customer data, so treat the output as sensitive.
Capture HTTP on CentOS (older tshark)
tshark -s 10240 -i any -f 'tcp port 80' -V -R 'http.request' -l
The difference is -R instead of -Y: tshark before 1.10 (the 1.8 series shipped on CentOS 6) has no -Y option and uses -R as the display filter. From 1.10 on, -R is a two-pass read filter that requires -2, and a plain -R is rejected with a message telling you to use -Y. Check tshark -v first and pick the flag that matches the installed version; everything else in the command is the same.
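The -Y versus -R difference is easy to get wrong when the same notes are used on several hosts. The following is an added example, not part of the original notes: a small POSIX sh wrapper that reads the first line of tshark -v, picks -R for versions older than 1.10 and -Y otherwise, and assembles the capture commands shown above. The version-banner formats it parses ("TShark 1.8.10 ..." and "TShark (Wireshark) 3.6.2 ...") and the TSHARK_RUN environment variable that gates the real capture are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original notes): choose the tshark display-filter
# flag for the installed version and build the capture commands used above.
# Assumptions: 'tshark -v' prints a first line such as "TShark 1.8.10 (...)" or
# "TShark (Wireshark) 3.6.2 (...)"; releases older than 1.10 only know -R,
# 1.10 and later use -Y (and reject a bare -R).
set -eu

# tshark_version BANNER -> "major.minor" taken from the first line of the banner,
# or an empty string when no dotted version is found.
tshark_version() {
    printf '%s\n' "$1" | sed -n '1s/^[^0-9]*\([0-9]*\.[0-9]*\).*/\1/p'
}

# display_filter_flag BANNER -> "-R" for tshark < 1.10, "-Y" otherwise.
# Unknown banners fall back to -Y, which is what every current release expects.
display_filter_flag() {
    ver=$(tshark_version "$1")
    if [ -z "$ver" ]; then
        echo "warning: could not parse tshark version, assuming -Y" >&2
        echo "-Y"
        return 0
    fi
    major=${ver%%.*}
    minor=${ver#*.}
    if [ "$major" -lt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -lt 10 ]; }; then
        echo "-R"
    else
        echo "-Y"
    fi
}

# build_capture_cmd BANNER BPF_FILTER DISPLAY_FILTER SNAPLEN [EXTRA ARGS...]
# Prints the tshark command line: capture filter (-f), the version-appropriate
# display filter flag, line-buffered output (-l), then any extra arguments
# such as -V or "-T fields -e mysql.query".
build_capture_cmd() {
    banner=$1; bpf=$2; dfilter=$3; snaplen=$4
    shift 4
    flag=$(display_filter_flag "$banner")
    printf "tshark -s %s -i any -f '%s' %s '%s' -l" "$snaplen" "$bpf" "$flag" "$dfilter"
    for arg in "$@"; do
        printf ' %s' "$arg"
    done
    printf '\n'
}

# Dry run: show what would be executed on this host.
if command -v tshark >/dev/null 2>&1; then
    banner=$(tshark -v 2>/dev/null | head -n 1)
else
    banner="TShark (Wireshark) 3.6.2"   # constructed banner for hosts without tshark
fi
http_cmd=$(build_capture_cmd "$banner" 'tcp port 80' 'http.request' 10240 -V)
mysql_cmd=$(build_capture_cmd "$banner" 'tcp port 3306' 'mysql.query' 65535 -T fields -e mysql.query)
printf 'HTTP:  %s\nMySQL: %s\n' "$http_cmd" "$mysql_cmd"

# A live capture needs root and a real interface, so it only runs when asked
# for explicitly, e.g.  TSHARK_RUN=1 sh capture.sh
if [ "${TSHARK_RUN:-0}" = 1 ] && command -v tshark >/dev/null 2>&1; then
    eval "$http_cmd"
fi
```

The version check is deliberately done once on the banner string rather than by trying -Y and falling back, so the wrapper never starts a capture with the wrong flag and silently prints nothing. Keep the snaplen generous when using -T fields: the dissector only produces the field if the whole PDU was captured.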