12 lines
455 B
Plaintext
Executable File
12 lines
455 B
Plaintext
Executable File
|
|
# tshark follow stream
|
|
tshark -r <capture file> -R "<filter>" -T fields -e tcp.stream
|
|
tshark -q -r http.pcapng -z follow,tcp,ascii,1
|
|
|
|
# etc
|
|
tshark grep from http
|
|
tshark -r file.cap 'http' | egrep -i "login|pass"
|
|
tshark 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
|
|
tshark 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' -R'http.request.method == "GET" || http.request.method == "HEAD"'
|
|
|