# tshark

## List unique source/destination IP addresses in pcap:

```bash
tshark -r capture.pcap -T fields -e ip.src | sort -u
tshark -r capture.pcap -T fields -e ip.dst | sort -u
```

## Capture to a PCAP

```jsx
tshark -i eth0 -w capture.pcap
```

## CheatSheets

(covered in ads) [tshark - Wireshark Command Line Cheat Sheet](https://cheatography.com/mbwalker/cheat-sheets/tshark-wireshark-command-line/)

<figure><img src="https://709941539-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LK4p1VOimwBOsfla2lw%2Fuploads%2FMpKj9c5Vh3wl1DPrbzMB%2Fimage.png?alt=media&#x26;token=a52a713e-1b50-400f-911b-c55390cf922e" alt=""><figcaption></figcaption></figure>