mirror of
https://github.com/The-Art-of-Hacking/h4cker
synced 2024-11-27 05:00:18 +00:00
835 B
835 B
Tshark Cheat Sheet
Capture Packets with Tshark
tshark -i eth0 -w capture-file.pcap
Read a Pcap with Tshark
tshark -r capture-file.pcap
Filtering Packets from One Host
tshark -i eth0 -p -w capture-file.cap host 10.1.2.3
HTTP Analysis with Tshark
The -T
option specifies that we want to extract fields and with the -e
options we identify which fields we want to extract.
tshark -i eth0 -Y http.request -T fields -e http.host -e http.user_agent
Manipulating other Fields
This command will extract files from an SMB stream and extract them to the location tmpfolder.
tshark -nr test.pcap --export-objects smb,tmpfolder
This command will do the same except from HTTP, extracting all the files seen in the pcap.
tshark -nr test.pcap --export-objects http,tmpfolder