.. include:: vars.rst

.. _section-CapturingForOfflineAnalysis:

Capturing Traffic for Offline Analysis
======================================

If Wireshark isn’t available on the host that you want to analyze, you 
can capture traffic from the console/terminal. Then you can use Wireshark to 
display/analyze the captured traffic offline (instead of as live traffic).

To capture traffic from the console/terminal, use **tcpdump** or **tshark**. 
To learn about these tools, enter ``tcpdump --help`` or ``tshark --help``.

Note: On some hosts, you may need administrator permissions to capture traffic. 
If you happen to need them and you don’t run as sudo/admin, you will not see 
any interfaces available to capture. Just close Wireshark and rerun it as 
sudo/admin.