List available network interfaces for packet capture

tshark -D

Capture only ICMP traffic from interface “Ethernet”

tshark -i Ethernet icmp

Extract only interesting data for analysis (Filter with 2 pass analysis)

tshark -r full_capture.pcap -R "tcp.port == 1521" -2 -w only_oracle.pcap

tshark ring buffer - continous capturing shark capture using the ring buffer

tshark -i 5 -b files:20 -b filesize:50000 -w d:\rcwork\temp\tshark_capture\tsharking.pcap

NOTE: 
-i  –> interface number
-b files: –> number of files used in rotation
-b filesize: –> Bytes of to contain in each file
-w –> capture file storation folder and suffix based on timestamp will be added