tsharkとtcpdumpの簡単な使用


# Print the installed version and build information
tshark -v
# Print the built-in option summary for each tool
tshark -h
tcpdump -h
# -D: list the interfaces available for capture, with their index numbers
tshark -D
# Sample output from a Kali host follows (terminal transcript, not commands).
# The "could be dangerous" line is tshark's own notice that its packet
# dissectors are parsing network data with root privileges; a Wireshark
# install can instead let a non-root user capture through dumpcap.
root@kali:~# tshark -D
Running as user "root" and group "root". This could be dangerous.
1. eth0
2. lo (Loopback)
# -i: choose the capture interface
tshark -i 1
tcpdump -i eth0
# Note: index 1 is eth0 in the -D listing; tshark -i accepts the index or the name
# -w: write the raw captured packets to a file
tshark -i 1 -w packets.pcap
tcpdump -i eth0 -w packets.pcap
# Note: the packets are saved to packets.pcap instead of being printed.
# tshark writes pcapng by default whatever the extension; tcpdump writes pcap.
# The file holds whatever payload crossed the interface (credentials, cookies,
# session data), so store it with restrictive permissions.
# -r: read packets from a saved capture file instead of an interface
tshark -r packets.pcap
tcpdump -r packets.pcap
# -c: stop after the given number of packets
tshark -r packets.pcap -c10
tcpdump -r packets.pcap -c10
# Note: prints only the first 10 packets stored in packets.pcap
tshark -i 1 -w packets.pcap -c10
tcpdump -i eth0 -w packets.pcap -c10
# Note: captures 10 packets live, writes them to packets.pcap, then exits
# -V: print the full protocol tree (every dissected field) for each packet
tshark -r packets.pcap -V -c1
# Note: -c1 limits the detailed output to the first packet
# -v: each additional v raises tcpdump's verbosity, up to -vvv
tcpdump -r packets.pcap -vvv
# Note: tcpdump -vvv is still less detailed than tshark -V
# -x: show the packet bytes as a hex dump with an ASCII column
tshark -xr packets.pcap
tcpdump -Xr packets.pcap
# Note: tshark uses lowercase -x, tcpdump uses uppercase -X
# -n: turn off tshark's name resolution
# Numeric output also keeps the tool from issuing its own reverse-DNS lookups
# while a capture is running.
tshark -ni 1
tshark -i 1 -Nt
# Note: -Nt enables transport-layer (port number) resolution only
# -N takes one or more letters, each enabling one kind of resolution:
# m: MAC address resolution
# n: network address resolution
# t: transport-layer port resolution
tcpdump -nni eth0
# Note: tcpdump -n leaves IP addresses unresolved; -nn also keeps port numbers numeric
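# -f: capture filter in BPF syntax, applied while the capture is running
tshark -ni 1 -w packets.pcap -f "tcp port 80"
# -Y: display filter in Wireshark syntax, applied to the dissected packets
# tshark rejects -Y on a live capture that is also being saved with -w, so the
# live example only prints matches. To keep a filtered file, capture with -f
# or post-filter a saved capture (-r ... -Y ... -w).
tshark -ni 1 -Y "tcp.dstport == 80"
tshark -r packets.pcap -Y "tcp.dstport == 80"
# tcpdump takes its filter as a BPF expression on the command line
tcpdump -ni eth0 -w packets.pcap 'tcp dst port 80'
# Fixed: the primitive is "port"; the original "prot" is a filter syntax error
tcpdump -r packets.pcap 'tcp dst port 80'
tcpdump -r packets.pcap 'tcp dst port 80' -w http_packets.pcap
# Note: reads packets.pcap, keeps the packets matching 'tcp dst port 80',
# and writes them to http_packets.pcap
# tcpdump -F: read the BPF expression from a file
tcpdump -nni eth0 -F dns_servers.bpf
# Note: put the expression in a .bpf file and tcpdump uses it as the filter;
# an expression also given on the command line is then ignored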

# -t ad: print absolute timestamps that include the date
tshark -r packets.pcap -t ad
# Note: a is absolute time of day, ad is absolute date and time
# -z: print statistics once the capture has been read
# (add -q to suppress the per-packet lines and show only the statistics)
# conv,ip      - table of IPv4 conversations
tshark -r packets.pcap -z conv,ip
# http,tree    - HTTP request/response statistics
tshark -r packets.pcap -z http,tree
# follow,tcp,ascii,0 - reassembled payload of one TCP stream
tshark -r packets.pcap -z follow,tcp,ascii,0
# Note: ascii is the output format and 0 is the TCP stream index