sflow/tshark

By sflow

Updated 4 days ago

Decode sFlow packet samples using tshark

Image
1

547

What is tshark?

tshark is a command line utility for filtering and printing the contents of network packets. This image receives sFlow and feeds the sampled packet headers through tshark.

How to use this image

docker run -p 6343:6343/udp sflow/tshark

Configure sFlow agents to send data to UDP port 6343 on the container. Sampled packet headers will be printed to standard output.

docker run -p 6343:6343/udp sflow/tshark -h

Get help on command line arguments.

docker run -p 6343:6343/udp sflow/tshark -Y "ip.addr == 10.0.0.30"

Display packets for a selected host.

docker run -p 6343:6343/udp sflow/tshark -Y "tcp.port == 80"

Display web traffic (TCP port 80).

See Display Filters for more information on packet filtering.

docker run -p 6343:6343/udp sflow/tshark -z endpoints,ip -c 100

Collect 100 packets and report ip packet / byte counts by host address.

License

Please read and accept the sFlow License before downloading this software.

Docker Pull Command

docker pull sflow/tshark