sflow/tshark
tshark is a command line utility for filtering and printing the contents of network packets. This image receives sFlow and feeds the sampled packet headers through tshark.
docker run -p 6343:6343/udp sflow/tshark
Configure sFlow agents to send data to UDP port 6343 on the container. Sampled packet headers will be printed to standard output.
docker run -p 6343:6343/udp sflow/tshark -h
Get help on command line arguments.
docker run -p 6343:6343/udp sflow/tshark -Y "ip.addr == 10.0.0.30"
Display packets for a selected host.
docker run -p 6343:6343/udp sflow/tshark -Y "tcp.port == 80"
Display web traffic (TCP port 80).
See Display Filters for more information on packet filtering.
docker run -p 6343:6343/udp sflow/tshark -z endpoints,ip -c 100
Collect 100 packets and report ip packet / byte counts by host address.
Please read and accept the sFlow License before downloading this software.
docker pull sflow/tshark