Use the options -T, -E and -e (see the man pages for details). The commands below that filter with -R follow older tshark releases; current releases take the display filter with -Y, and -R is accepted only together with -2.

To create a " " separated file with "source IP", "destination IP" and "destination port" from all SYN-initiated connections, you can use the following sample:

Display source IP and MAC address (comma-separated):

tshark -i eth0 -nn -e ip.src -e eth.src -Tfields -E separator=, -R ip

Display target IP and MAC address (comma-separated):

tshark -i eth0 -nn -e ip.dst -e eth.dst -Tfields -E separator=, -R ip

Source and target IP:

tshark -i eth0 -nn -e ip.src -e ip.dst -Tfields -E separator=, -R ip

Source and target IPv6:

tshark -i eth0 -nn -e ipv6.src -e ipv6.dst -Tfields -E separator=, -R ipv6

Source IP and DNS query:

tshark -i eth0 -nn -e ip.src -e -E separator=" " -T fields port 53

Display top 10 URLs:

tshark -r sample1.cap -R http.request -T fields -e http.host -e | sed -e 's/?.*$//' | sed -e 's#^\(.*\)\t\(.*\)$# | sort | uniq -c | sort -rn | head

HTTP responses, with TCP stream desegmentation switched on through -o:

tshark -o "tcp.desegment_tcp_streams:TRUE" -i eth0 -R "http.response" -T fields -e

To test whether a device uses random sequence numbers in its answers, I need the sequence number of the SYN-ACK packet. The -o option is required to override the Wireshark configuration and make sure we get the absolute sequence number, not the relative one.
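For the SYN-ACK sequence-number test mentioned above, this added example (not from the original post) reads `ip.src,tcp.seq` pairs exported by tshark with absolute sequence numbers and summarises, per responding host, how the initial sequence number steps from one SYN-ACK to the next. The function names, the capture file name, the sample data and the thresholds are assumptions.

```shell
# Added example. Input on stdin: one "ip.src,tcp.seq" line per SYN-ACK, e.g. from
#   tshark -r capture.pcap -o tcp.relative_sequence_numbers:FALSE -T fields \
#     -E separator=, -e ip.src -e tcp.seq -Y 'tcp.flags.syn==1 && tcp.flags.ack==1'
# capture.pcap is a placeholder; the thresholds below are assumptions.

isn_report() {
    awk -F, '
    NF == 2 && $2 ~ /^[0-9]+$/ {
        ip = $1; isn = $2 + 0
        if (ip in last) {
            # Forward distance to the previous ISN of this host, modulo 2^32.
            d = isn - last[ip]
            if (d < 0) d += 4294967296
            n[ip]++
            key = ip SUBSEP sprintf("%.0f", d)
            if (!(key in seen)) { seen[key] = 1; distinct[ip]++ }
            if (n[ip] == 1 || d < min[ip]) min[ip] = d
            if (n[ip] == 1 || d > max[ip]) max[ip] = d
        }
        last[ip] = isn
    }
    END {
        for (ip in n) {
            if (n[ip] < 3)                      v = "too-few-samples"
            else if (distinct[ip] == 1)         v = "constant-step"
            else if (max[ip] - min[ip] < 65536) v = "narrow-range"
            else                                v = "no-obvious-pattern"
            # Columns: ip, number of deltas, smallest delta, largest delta, verdict.
            printf "%s,%d,%.0f,%.0f,%s\n", ip, n[ip], min[ip], max[ip], v
        }
    }' | sort
}

# Constructed sample input (documentation addresses, made-up sequence numbers).
sample_synacks() {
    cat <<'EOF'
192.0.2.10,1000
192.0.2.10,65000
192.0.2.10,129000
192.0.2.10,193000
192.0.2.20,4000000000
192.0.2.20,123456789
192.0.2.20,3000000000
192.0.2.20,1500000000
192.0.2.30,5
192.0.2.30,10
EOF
}
sample_synacks | isn_report
```

A "no-obvious-pattern" verdict only means this simple delta check found nothing; it is not a statistical proof of randomness.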