o Starting a packet capture at the terminal window is a simple as this syntax to capture on an interface named eth$0.$ This will display any captured packets in the terminal window.

sudo tshark $-$i eth$0$

o You can optionally specify fields you want to display, so you can more easily see information of interest. You can use whatever you would put in Wireshark in the filter window as a field. For example, if I just wanted to display the source and destination IP addresses in each packet, I could use the following line. $($Include a separate $-$e fieldname for each field to display.$)$

sudo tshark $-$i eth$0-$T fields $-$e ip$.$src $-$e ip$.$dst

Explore the network traffic to look for clues. Keep in mind that this traffic may be from machines other than the ones you have access to as the analyst.