h4cker/cheat_sheets/tshark-cheat-sheet.md
2020-03-27 16:55:19 -04:00

Tshark Cheat Sheet

Capture Packets with Tshark

tshark -i eth0 -w capture-file.pcap

Read a Pcap with Tshark

tshark -r capture-file.pcap

Filtering Packets from One Host

tshark -i eth0 -p -w capture-file.cap host 10.1.2.3

HTTP Analysis with Tshark

The -T fields option tells tshark to print selected fields instead of the full packet summary, and each -e option names one field to extract. The -Y http.request display filter limits the output to HTTP requests.

tshark -i eth0 -Y http.request -T fields -e http.host -e http.user_agent
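
The field output above is one tab-separated line per request, which makes it easy to triage. The following is an added example, not part of the original cheat sheet: it counts each host and user-agent pair and lists the rarest first, since a user agent seen only once or twice against a host is often worth a closer look. The function names and the sample hosts are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise `tshark -T fields -e http.host -e http.user_agent` output.
# tshark separates fields with a tab by default and leaves a field empty when
# the packet does not carry it, so the parser splits on tabs only.

# summarize_http_fields: read "host<TAB>user_agent" lines on stdin and print
# "count<TAB>host<TAB>user_agent", rarest pairs first.
summarize_http_fields() {
    awk -F '\t' '
        NF == 0 { next }                      # skip blank lines
        {
            host = ($1 == "") ? "(no host)" : $1
            ua   = ($2 == "") ? "(no user-agent)" : $2
            seen[host "\t" ua]++
        }
        END {
            for (k in seen) printf "%d\t%s\n", seen[k], k
        }
    ' | LC_ALL=C sort -t "$(printf '\t')" -k1,1n -k2,2 -k3,3
}

# Constructed sample of tshark field output (not from a real capture).
sample_fields() {
    printf 'intranet.example\tMozilla/5.0 (X11; Linux x86_64)\n'
    printf 'intranet.example\tMozilla/5.0 (X11; Linux x86_64)\n'
    printf 'intranet.example\tMozilla/5.0 (X11; Linux x86_64)\n'
    printf 'updates.example\tcurl/7.68.0\n'
    printf 'updates.example\t\n'              # request with no User-Agent header
}

# Live use (needs tshark and a capture file):
#   tshark -r capture-file.pcap -Y http.request -T fields \
#          -e http.host -e http.user_agent | summarize_http_fields
sample_fields | summarize_http_fields
```

Requests with a missing Host or User-Agent header are kept and labelled rather than dropped, because an absent header is itself a useful signal during triage.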

Manipulating other Fields

This command extracts files from SMB streams in the pcap and saves them to the directory tmpfolder.

tshark -nr test.pcap --export-objects smb,tmpfolder

This command does the same for HTTP, extracting all the files seen in the pcap.

tshark -nr test.pcap --export-objects http,tmpfolder