The TShark: The Basics room on TryHackMe introduces you to TShark, the command-line version of Wireshark. While Wireshark uses a graphical interface, TShark offers the same packet analysis capabilities in a lightweight, scriptable format.
In this room, you learn how to capture and filter traffic directly from the terminal, analyze packets using specific display filters, and extract key pieces of information like IP addresses, protocols, and hostnames. By working through the exercises, you build the foundation to automate traffic analysis tasks and handle large packet captures without the overhead of a GUI.
Completing this room gave me hands-on experience with one of the most versatile network analysis tools available. I walked away with a better understanding of how to dig into packet captures at the command line, making me faster and more efficient when investigating network activity. It reinforced the importance of mastering both the graphical and command-line sides of packet analysis in real-world cybersecurity work.

Completed September 1, 2025