TShark

Functionally a command line version of wireshark.

tshark -r [fileName]
tshark -r [fileName] -z [some statistics rules]
tshark -r [fileName] -z [some statistics rules} -q (remove packet printing)
tshark -r [filename] -T fields -e [a header to show] -e [another header to show]
tshark -r [filename] -Y ‘wireshark filters here’
tshark -r [filename] -Y ‘wireshark filters here’ –export-objects streamType,directoryToSaveFiles

Usefult ‘stats’

hosts -> list IPs and Hosts
follow,tcp,ascii,0 -> follow the first TCP stream, display output in ASCII