tsharkとtcpdumpの簡単な使用
# Show the installed version and build information
tshark -v
# Show the built-in option summary of each tool
tshark -h
tcpdump -h
# List the interfaces tshark can capture from; each entry is numbered and
# the number (or the interface name) is what -i expects
tshark -D
root@kali:~# tshark -D
Running as user "root" and group "root". This could be dangerous.
1. eth0
2. lo (Loopback)
# -i: capture live traffic on the given interface
# NOTE(review): the -D transcript above was run as root and tshark itself
# warns "This could be dangerous" - its protocol dissectors parse untrusted
# packet data. Where possible, grant capture rights to an unprivileged user
# instead of running the whole tool as root.
tshark -i 1
tcpdump -i eth0
# PS: interface 1 in the -D listing above is eth0, so both commands capture on eth0
# -w: write the raw packets to a file instead of decoding them to the terminal
tshark -i 1 -w packets.pcap
tcpdump -i eth0 -w packets.pcap
# PS: packets.pcap is the output file name; it holds raw traffic (possibly
# credentials or session data), so keep its permissions restricted
# -r: read packets back from a saved capture file
tshark -r packets.pcap
tcpdump -r packets.pcap
# -c: stop after the given number of packets
tshark -r packets.pcap -c10
tcpdump -r packets.pcap -c10
# PS: shows only the first 10 packets of packets.pcap
tshark -i 1 -w packets.pcap -c10
tcpdump -i eth0 -w packets.pcap -c10
# PS: captures 10 packets, saves them to packets.pcap, then exits
# -V: print the full protocol tree (packet details) instead of the one-line summary
tshark -r packets.pcap -V -c1
# PS: -c1 limits the verbose output to the first packet
# -v: tcpdump verbosity; repeating the v (-v, -vv, -vvv) increases the detail
tcpdump -r packets.pcap -vvv
# PS: tcpdump -vvv is the rough counterpart of tshark -V
# -x: dump the packet bytes as hex and ASCII
tshark -xr packets.pcap
tcpdump -Xr packets.pcap
# PS: tshark uses lowercase -x, tcpdump needs uppercase -X to get hex plus ASCII
# -n: disable name resolution in tshark (addresses and ports stay numeric,
# so no name lookups are issued while capturing)
tshark -ni 1
tshark -i 1 -Nt
# PS: -Nt turns on transport-layer (port name) resolution only
# -N enables only the selected kinds of resolution; flag letters include:
#   m: MAC address resolution
#   n: network address resolution
#   t: transport-layer port number resolution
tcpdump -nni eth0
# PS: tcpdump -n leaves IP addresses unresolved; -nn also keeps port numbers numeric
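# -f: capture filter in BPF (libpcap) syntax; it is applied at capture time,
# so packets that do not match are never stored
tshark -ni 1 -w packets.pcap -f "tcp port 80"
# -Y: display filter in Wireshark filter syntax
# NOTE(review): tshark commonly refuses -Y together with -w on a live capture
# (display filters are not applied while capturing and saving) - confirm on
# your version; use -f to filter at capture time and -Y when reading with -r.
tshark -ni 1 -w packets.pcap -Y "tcp.dstport == 80"
tshark -r packets.pcap -Y "tcp.dstport == 80"
# tcpdump takes the BPF filter as the expression on the command line
tcpdump -ni eth0 -w packets.pcap 'tcp dst port 80'
# The BPF keyword is "port"; a misspelling such as "prot" is rejected as a
# filter syntax error.
tcpdump -r packets.pcap 'tcp dst port 80'
tcpdump -r packets.pcap 'tcp dst port 80' -w http_packets.pcap
# PS: reads packets.pcap, keeps the packets matching "dst port 80" and writes
# them to http_packets.pcap
# tcpdump -F: read the BPF filter expression from a file
tcpdump -nni eth0 -F dns_servers.bpf
# PS: the .bpf file holds the filter expression; when -F is used, an
# expression given on the command line is ignored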
# -t ad: print timestamps as absolute date and time
tshark -r packets.pcap -t ad
# PS: -t a prints the absolute time of day only; ad adds the date
# -z: print statistics about the capture
tshark -r packets.pcap -z conv,ip
tshark -r packets.pcap -z http,tree
tshark -r packets.pcap -z follow,tcp,ascii,0
# PS: conv,ip lists IP conversations, http,tree summarises HTTP traffic, and
# follow,tcp,ascii,0 prints the payload of TCP stream 0 as ASCII - that
# output is the application data itself and may contain cleartext secrets