====== Tshark ======
===== Exemples de commandes =====
==== Capture simple ====
# Live capture on eth0, saved raw to capture-output.pcap (nothing is decoded on screen).
# Live capture normally needs capture privileges (root, or the dumpcap capability setup).
tshark -w capture-output.pcap -i eth0
==== Lecture d'un fichier de capture ====
# Offline mode: decode a saved capture and print the one-line summary of every packet.
tshark -r "capture-output.pcap"
==== Filtre de capture simple (-f, syntaxe BPF) ====
# -f is a *capture* (BPF) filter: matched in the kernel before packets reach tshark,
# so non-matching traffic is never stored. Display filters (-Y) use a different syntax.
# One host, one port:
tshark -f 'host 192.168.0.1 and port 8080' -i eth0
# A whole /24 (libpcap accepts the abbreviated 192.168.0 for 192.168.0.0), one port:
tshark -f 'net 192.168.0/24 and port 8080' -i eth0
==== Analyse DNS ====
# DNS answers only (source port 53). -n disables name resolution so tshark does not
# itself generate DNS traffic while you watch DNS. DNS on other ports, DoT and DoH
# are not caught by this capture filter.
# NOTE(review): on current Wireshark the A-record address field is 'dns.a' ('dns.aaaa'
# for IPv6); 'dns.resp.addr' is the older name — confirm with: tshark -G fields | grep -i 'dns\.'
# Queried name -> answered address:
tshark -n -i wlan0 -f 'src port 53' -T fields -e dns.qry.name -e dns.resp.addr
# Same, prefixed with timestamp and resolver/client addresses:
tshark -n -i wlan0 -f 'src port 53' -T fields \
  -e frame.time -e ip.src -e ip.dst -e dns.qry.name -e dns.resp.addr
==== Analyse web ====
# Host header and User-Agent of every HTTP request seen live (-Y is a display filter,
# evaluated after decoding). Only plaintext HTTP is visible; HTTPS requests yield nothing.
tshark -T fields -e http.host -e http.user_agent -Y 'http.request' -i wlan0
==== Fréquence des hôtes et user-agents ====
# Count each (host, user-agent) pair in a saved capture, least frequent first.
# Rare user-agents at the top of the list are often the interesting ones (scanners, implants).
tshark -r example.pcap -Y 'http.request' -T fields -e http.host -e http.user_agent \
  | sort \
  | uniq -c \
  | sort -n
==== Vol de mots de passe (HTTP en clair uniquement) ====
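# Plaintext-credential exposure check (authorised testing only): HTTP POST requests
# whose TCP payload contains "password". HTTPS bodies are encrypted and never match.
# Fix: the original piped tshark's one-line packet summary into `grep password`. That
# summary shows only "POST /uri HTTP/1.1 (content-type)", never the body, so the grep
# discarded every hit unless the URI itself contained the word. Print the body as a
# field instead of grepping the summary.
# Caveats: `tcp contains` inspects only the bytes of the frame it is evaluated on, so a
# body split across several segments can be missed; the match is case-sensitive.
# http.file_data is the reassembled request body on Wireshark >= 2.x — on older builds
# check `tshark -G fields | grep -i file_data` for the equivalent field.
tshark -i wlan0 \
  -Y 'http.request.method == "POST" and tcp contains "password"' \
  -T fields -e frame.time -e ip.src -e http.host -e http.request.uri -e http.file_data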
==== Extraction d'objets ====
# Carve transferred files out of a saved capture into tmpfolder, using the SMB and
# HTTP object exporters. -n skips name resolution.
# The exported files are attacker-controlled data: keep them in a dedicated directory,
# inspect them in a sandbox, and never open them with desktop applications.
tshark -n -r test.pcap --export-objects 'smb,tmpfolder'
tshark -n -r test.pcap --export-objects 'http,tmpfolder'