cyber-security-resources/cheat_sheets/tshark-cheat-sheet.md

35 lines
835 B
Markdown
Raw Normal View History

2020-03-27 16:55:19 -04:00
# Tshark Cheat Sheet
## Capture Packets with Tshark
```
tshark -i eth0 -w capture-file.pcap
```
## Read a Pcap with Tshark
```
tshark -r capture-file.pcap
```
## Filtering Packets from One Host
```
tshark -i eth0 -p -w capture-file.cap host 10.1.2.3
```
## HTTP Analysis with Tshark
The `-T` option specifies that we want to extract fields and with the `-e` options we identify which fields we want to extract.
```
tshark -i eth0 -Y http.request -T fields -e http.host -e http.user_agent
```
## Manipulating other Fields
This command will extract files from an SMB stream and extract them to the location tmpfolder.
```
tshark -nr test.pcap --export-objects smb,tmpfolder
```
This command will do the same except from HTTP, extracting all the files seen in the pcap.
```
tshark -nr test.pcap --export-objects http,tmpfolder
```