Tuesday, December 8, 2015
Some tshark examples: a mix of basic and somewhat advanced
Viewing all IP packets
tshark -n -r filename.pcap -Y "ip"
Viewing all TCP packets
tshark -n -r filename.pcap -Y "tcp"
Viewing protocol hierarchy
tshark -n -r filename.pcap -z io,phs -q
View all IP endpoints
tshark -n -r filename.pcap -z endpoints,ip -q
View all TCP endpoints
tshark -n -r filename.pcap -z endpoints,tcp -q
View IP conversations
tshark -n -r filename.pcap -z conv,ip -q
View TCP conversations
tshark -n -r filename.pcap -z conv,tcp -q
Show tabular view with field headers
tshark -n -r filename.pcap -T fields -e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport -e tcp.flags -E header=y
Verify that the first two bytes of the IP header are 0x4500 (IPv4, 20-byte header, TOS 0), printing a hex dump of each matching packet
tshark -n -r filename.pcap -x "ip[0:2] == 45:00"
Packets whose source IP is 192.168.0.2 (byte-offset match on the IP header)
tshark -n -r filename.pcap -x "ip[12:4] == c0:a8:00:02"
Packets whose destination IP is 192.168.0.1
tshark -n -r filename.pcap -x "ip[16:4] == c0:a8:00:01"
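The three byte-slice filters above work because of the fixed layout of the IPv4 header: bytes 0-1 are version/IHL and TOS, bytes 12-15 the source address, bytes 16-19 the destination address. The following added example (my own code, not part of the original post and not tshark) builds a constructed 20-byte IPv4 header and evaluates filters written in the same `ip[offset:len] == aa:bb` form against it, so you can check what each offset selects before trusting a filter on real traffic.

```python
import re
import struct
from ipaddress import IPv4Address

# Constructed sample: a minimal 20-byte IPv4 header (no options) for a TCP
# packet from src to dst. Built inline, not taken from a real pcap.
def build_ipv4_header(src: str, dst: str, proto: int = 6, payload_len: int = 20) -> bytes:
    version_ihl = (4 << 4) | 5          # version 4, IHL 5 words -> 0x45
    tos = 0                             # DSCP/ECN -> 0x00
    total_len = 20 + payload_len
    ident, flags_frag, ttl, checksum = 0x1234, 0x4000, 64, 0
    return struct.pack("!BBHHHBBH4s4s", version_ihl, tos, total_len, ident,
                       flags_frag, ttl, proto, checksum,
                       IPv4Address(src).packed, IPv4Address(dst).packed)

# Accepts the slice-compare form used on this page: ip[12:4] == c0:a8:00:02
FILTER_RE = re.compile(r"^ip\[(\d+):(\d+)\]\s*==\s*([0-9a-fA-F]{1,2}(?::[0-9a-fA-F]{1,2})*)$")

def match_ip_slice(ip_header: bytes, expr: str) -> bool:
    """Evaluate one ip[offset:len] == literal filter against raw header bytes."""
    m = FILTER_RE.match(expr.strip())
    if not m:
        raise ValueError(f"unsupported filter: {expr!r}")
    offset, length = int(m.group(1)), int(m.group(2))
    expected = bytes(int(seg, 16) for seg in m.group(3).split(":"))
    if len(expected) != length:
        raise ValueError("literal length does not match slice length")
    return ip_header[offset:offset + length] == expected

def describe_slices(ip_header: bytes) -> dict:
    """Name the fields that the offsets used on this page refer to."""
    return {
        "ip[0:2]": ip_header[0:2].hex(),                  # version/IHL + TOS
        "ip[12:4]": str(IPv4Address(ip_header[12:16])),   # source address
        "ip[16:4]": str(IPv4Address(ip_header[16:20])),   # destination address
    }

if __name__ == "__main__":
    hdr = build_ipv4_header("192.168.0.2", "192.168.0.1")
    for expr in ("ip[0:2] == 45:00", "ip[12:4] == c0:a8:00:02", "ip[16:4] == c0:a8:00:01"):
        print(f"{expr:28} -> {match_ip_slice(hdr, expr)}")
    print(describe_slices(hdr))
```

Note that a header with IP options has an IHL above 5, so `ip[0:2] == 45:00` deliberately excludes such packets, which is worth remembering when a filter seems to miss traffic.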
Show IPv4 Destinations/Statistics and Ports
tshark -n -r filename.pcap -z dests,tree -q
Follow TCP stream 0 (ASCII output)
tshark -n -r filename.pcap -z follow,tcp,ascii,0 -q