Mirrors/h4cker
2
0
Fork 0
mirror of https://github.com/The-Art-of-Hacking/h4cker synced 2024-11-22 02:43:02 +00:00
Code Issues Projects Releases Packages Wiki Activity

Create tshark-cheat-sheet.md

Browse source
This commit is contained in:
Omar Santos 2020-03-27 16:55:19 -04:00 committed by GitHub
parent 51b9dfeac6
commit fd7ba91b4a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 34 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
cheat_sheets/tshark-cheat-sheet.md Normal file
View file

@ -0,0 +1,34 @@
# Tshark Cheat Sheet
## Capture Packets with Tshark
```
tshark -i eth0 -w capture-file.pcap
```
## Read a Pcap with Tshark
```
tshark -r capture-file.pcap
```
## Filtering Packets from One Host
```
tshark -i eth0 -p -w capture-file.cap host 10.1.2.3
```
## HTTP Analysis with Tshark
The `-T` option specifies that we want to extract fields and with the `-e` options we identify which fields we want to extract.
```
tshark -i eth0 -Y http.request -T fields -e http.host -e http.user_agent
```
## Manipulating other Fields
This command will extract files from an SMB stream and extract them to the location tmpfolder.
```
tshark -nr test.pcap --export-objects smb,tmpfolder
```
This command will do the same except from HTTP, extracting all the files seen in the pcap.
```
tshark -nr test.pcap --export-objects http,tmpfolder
```