Tshark
Example commands
Simple capture
tshark -i eth0 -w capture-output.pcap
Reading a capture file
tshark -r capture-output.pcap
Simple filter
tshark -i eth0 -f 'host 192.168.0.1 and port 8080'
tshark -i eth0 -f 'net 192.168.0/24 and port 8080'
DNS analysis
tshark -i wlan0 -f "src port 53" -n -T fields -e dns.qry.name -e dns.resp.addr
tshark -i wlan0 -f "src port 53" -n -T fields -e frame.time -e ip.src -e ip.dst -e dns.qry.name -e dns.resp.addr
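Added example (not part of the original cheat sheet): a small Python script that parses the tab-separated output of the second DNS command above and summarises which names each client resolved and to which addresses. It assumes tshark's default "-T fields" layout (one packet per line, fields in the order given with -e, multiple values of one field joined with commas) and uses a constructed sample of that output.

```python
from collections import Counter, defaultdict

# Field order as given with -e in the DNS command above (assumed layout:
# tab-separated, several values of one field joined with commas).
FIELDS = ("frame.time", "ip.src", "ip.dst", "dns.qry.name", "dns.resp.addr")

# Constructed sample of what the command prints. The capture filter
# "src port 53" keeps only replies, so ip.dst is the client that asked.
SAMPLE = """\
Jan  3, 2024 10:15:01.000000000 CET\t192.168.0.1\t192.168.0.20\texample.com\t93.184.216.34
Jan  3, 2024 10:15:02.000000000 CET\t192.168.0.1\t192.168.0.20\tcdn.example.net\t203.0.113.7,203.0.113.8
Jan  3, 2024 10:15:03.000000000 CET\t192.168.0.1\t192.168.0.21\texample.com\t93.184.216.34
Jan  3, 2024 10:15:04.000000000 CET\t192.168.0.1\t192.168.0.21\tmail.example.org\t
"""

def parse_fields(text):
    """Turn tshark field lines into dicts; absent fields become empty values."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        # Pad short lines so every record carries all expected fields.
        parts += [""] * (len(FIELDS) - len(parts))
        rec = dict(zip(FIELDS, parts))
        rec["dns.resp.addr"] = [a for a in rec["dns.resp.addr"].split(",") if a]
        records.append(rec)
    return records

def queries_per_client(records):
    """Map each client (ip.dst of the reply) to a Counter of names it resolved."""
    per_client = defaultdict(Counter)
    for rec in records:
        per_client[rec["ip.dst"]][rec["dns.qry.name"]] += 1
    return per_client

def addresses_for(records, name):
    """Every address a name resolved to in the capture (spot unexpected changes)."""
    addrs = set()
    for rec in records:
        if rec["dns.qry.name"] == name:
            addrs.update(rec["dns.resp.addr"])
    return addrs

if __name__ == "__main__":
    recs = parse_fields(SAMPLE)
    for client, names in queries_per_client(recs).items():
        print(client, dict(names))
```

Feed it real output by piping the tshark command into the script instead of using SAMPLE.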
Web analysis
tshark -i wlan0 -Y http.request -T fields -e http.host -e http.user_agent
Frequency
tshark -r example.pcap -Y http.request -T fields -e http.host -e http.user_agent | sort | uniq -c | sort -n
Password theft
tshark -i wlan0 -Y 'http.request.method == POST and tcp contains "password"' | grep password
tshark -nr test.pcap --export-objects smb,tmpfolder
tshark -nr test.pcap --export-objects http,tmpfolder