windump -D
windump -i 2 icmp # ICMP only (ping)
windump -i 2 tcp # TCP only
windump -i 2 udp

tcpdump on Windows

| tcpdump | tshark equivalent |
|---------|------------------|
| tcpdump -i eth0 | tshark -i 2 |
| tcpdump -c 5 | tshark -c 5 |
| tcpdump -w file.pcap | tshark -w file.pcap |
| tcpdump -r file.pcap | tshark -r file.pcap |
| tcpdump port 80 | tshark -f "port 80" (capture filter) or tshark -Y "tcp.port==80" (display filter) |

tshark is the command-line version of Wireshark and supports most tcpdump-like options.