It is often useful to record network traffic on one of the interfaces attached to Airlock Gateway. This may be to analyze whether packets sent from external systems are reaching the Gateway, or to check network connectivity, routing or firewall settings. To record such traffic on Airlock Gateway, the common Linux tool tcpdump can be used. Traces recorded with tcpdump are compatible with other monitoring tools and analyzers like Wireshark. Alternatively, you can use TShark, the command line version of Wireshark, directly.

The most important thing to know when recording network traffic is the names of the network interfaces in use. There is a management interface, a back-end interface and one or more external interfaces. Typical names used for interfaces are eth0, eth1, vmnet1, etc. The names depend on the interface card type used. The management and back-end interface can be found in the menu "System Setup" - "Nodes" in the Airlock Configuration Center. The external interface can be found by selecting the corresponding virtual host in the menu "Application Firewall" - "Reverse Proxy".

Dump and analyze network traffic
Examples (TL DR)

The number of the interface may vary depending on the network setup.

Monitor everything on localhost: tshark
Only capture packets matching a specific capture filter: tshark -f 'udp port 53'
Only show packets matching a specific output filter: tshark -Y ' = "GET"'
Decode a TCP port using a specific protocol (e.g.
Specify the format of captured output: tshark -T json|text|ps|…
Select specific fields to output: tshark -T fields|ek|json|pdml -e -e ip.src
Write captured packet to a file: tshark -w path/to/file
Analyze packets from a file: tshark -r path/to/file.pcap
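
The recording step described above, written out as an added example that is not part of the original page: a size-bounded tcpdump capture on one named interface, plus a tshark read-back of the resulting trace. The function names, the DRY_RUN switch and the 100 MB / 5 file limits are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Function names, file paths and
# size limits are assumptions; eth0 is one of the typical names cited above.
# List the interfaces a host really has with: tcpdump -D   (or: tshark -D)

# Accept only plain interface names (eth0, vmnet1, eth0.100) so that a value
# beginning with "-" can never reach tcpdump as an extra option.
valid_iface() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.:-]*) return 1 ;;
    esac
    return 0
}

# Run "$@", or only print it when DRY_RUN=1 so the command can be reviewed.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# record_trace IFACE OUTFILE [CAPTURE_FILTER]
#   -n      no name resolution, so the trace adds no DNS lookups of its own
#   -s 0    keep whole packets instead of truncating them
#   -C 100  start a new file after about 100 MB
#   -W 5    keep at most 5 files, overwriting the oldest (bounded disk use)
record_trace() {
    iface=$1 out=$2 filter=${3:-}
    valid_iface "$iface" || { echo "invalid interface: $iface" >&2; return 1; }
    run tcpdump -i "$iface" -n -s 0 -C 100 -W 5 -w "$out" ${filter:+"$filter"}
}

# read_trace FILE DISPLAY_FILTER: print time, source and destination of the
# packets in a recorded trace that match a Wireshark display filter.
read_trace() {
    run tshark -r "$1" -Y "$2" -T fields -e frame.time -e ip.src -e ip.dst
}
```

Calling `DRY_RUN=1 record_trace eth0 /tmp/gw.pcap 'tcp port 443'` prints the tcpdump command without starting a capture, which is a convenient way to check the interface name and filter first.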