PTZ/profile_files/.ptz/v3das/network_sniffing_tshark_exa...


# tshark follow stream
tshark -r <capture file> -R "<filter>" -T fields -e tcp.stream
tshark -q -r http.pcapng -z follow,tcp,ascii,1

# etc
tshark grep from http
tshark -r file.cap 'http'  | egrep -i "login|pass" 
tshark  'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
tshark  'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'  -R'http.request.method == "GET" || http.request.method == "HEAD"'
n function and dep checking 2017-01-15 22:23:28 +00:00
			`# tshark follow stream`
			`tshark -r <capture file> -R "<filter>" -T fields -e tcp.stream`
			`tshark -q -r http.pcapng -z follow,tcp,ascii,1`

			`# etc`
			`tshark grep from http`
			`tshark -r file.cap 'http' \| egrep -i "login\|pass"`
			`tshark 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'`
			`tshark 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' -R'http.request.method == "GET" \|\| http.request.method == "HEAD"'`