diff --git a/cheat_sheets/tshark-cheat-sheet.md b/cheat_sheets/tshark-cheat-sheet.md new file mode 100644 index 0000000..96cd8cb --- /dev/null +++ b/cheat_sheets/tshark-cheat-sheet.md @@ -0,0 +1,34 @@ +# Tshark Cheat Sheet + + +## Capture Packets with Tshark +``` +tshark -i eth0 -w capture-file.pcap +``` +## Read a Pcap with Tshark +``` +tshark -r capture-file.pcap +``` + +## Filtering Packets from One Host +``` +tshark -i eth0 -p -w capture-file.cap host 10.1.2.3 +``` + +## HTTP Analysis with Tshark +The `-T` option specifies that we want to extract fields and with the `-e` options we identify which fields we want to extract. + +``` +tshark -i eth0 -Y http.request -T fields -e http.host -e http.user_agent +``` +## Manipulating other Fields + +This command will extract files from an SMB stream and extract them to the location tmpfolder. +``` +tshark -nr test.pcap --export-objects smb,tmpfolder +``` + +This command will do the same except from HTTP, extracting all the files seen in the pcap. +``` +tshark -nr test.pcap --export-objects http,tmpfolder +```