Post 13: Tshark Filters

January 8, 2019 | In Network Forensics

Other than using Wireshark to capture and analyze traffic, we can also use Tshark, the command-line version of Wireshark. In this post, I will list some commands that can be used to capture packets and filter pcap files with Tshark. The commands below were run in a Kali Linux terminal.

Capture Packets

Command: tshark -i wlan0 -w <filename>.pcap

This captures live on the wlan0 interface and writes every packet to the file until you stop it with Ctrl-C. Live capture needs root, or the CAP_NET_RAW/CAP_NET_ADMIN capabilities set on the dumpcap binary, so on Kali it is simplest to run it with sudo. Use -c <count> or -a duration:<seconds> to stop automatically. Recent Tshark versions write pcapng by default whatever the extension; add -F pcap if a tool later in your pipeline only reads classic pcap.

Read a Pcap file

Command: tshark -r <filename>.pcap

With -r Tshark reads from the file instead of an interface and prints a one-line summary per packet. Every command below that is shown with -i wlan0 works the same way on a saved capture if you swap -i wlan0 for -r <filename>.pcap, which is usually what you want in forensics: filter the evidence file rather than capturing again.

Analyze HTTP

Command: tshark -i wlan0 -Y http.request -T fields -e http.user_agent

-Y applies a display filter (the same syntax as Wireshark's filter bar), so only HTTP requests are kept. -T fields replaces the packet summary with the values of the fields named by -e, one packet per line and tab-separated; repeat -e to add columns, for example -e ip.src -e http.host -e http.user_agent. Only cleartext HTTP is visible this way; HTTPS requests appear as tls (ssl in older versions) packets with no http.* fields.

Analyze DNS

Command: tshark -i wlan0 -f "src port 53" -n -T fields -e dns.resp.addr

-f is a capture (BPF) filter, applied by the kernel before Tshark sees the packet, so "src port 53" keeps only traffic coming from a DNS server, i.e. the responses. It only works while capturing; on a saved file use a display filter such as -Y "dns.flags.response == 1" instead. -n turns off name resolution, which matters here: without it Tshark would issue its own DNS lookups for every address it prints and pollute the very traffic you are analyzing. dns.resp.addr is the older field name for the address in an A answer; if your version rejects it, use dns.a, and add -e dns.qry.name to see which name each address answers.
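As an added example that is not part of the original post, here is a small POSIX shell script that post-processes the tab-separated -T fields output of the HTTP and DNS commands above: it counts every distinct query-name/answer-address pair and lists User-Agent strings seen in only one request. The tshark invocations in the comments are assumed and are not executed; the script runs on constructed sample lines (documentation address ranges) so it can be tried without a capture.

```shell
#!/bin/sh
# Added example (not from the original post): consuming "tshark -T fields" output.
# tshark prints one line per matching packet with the -e fields separated by a tab.
# The helpers read that text on stdin so they can be exercised offline on the
# constructed sample lines at the bottom; in practice you pipe tshark into them, e.g.
#   tshark -r capture.pcap -n -Y "dns.flags.response == 1 && dns.a" \
#          -T fields -e dns.qry.name -e dns.a | dns_summary
# (assumed invocation, not run here)

# Count every distinct (query name, answer address) pair.
# tshark joins multiple A records of one response with commas, so split field 2 on ",".
dns_summary() {
    tab=$(printf '\t')
    LC_ALL=C awk -F'\t' '
        NF >= 2 {
            n = split($2, addr, ",")
            for (i = 1; i <= n; i++) pairs[$1 "\t" addr[i]]++
        }
        END { for (p in pairs) print pairs[p] "\t" p }' \
    | LC_ALL=C sort -t "$tab" -k2,2 -k3,3
}

# List User-Agent strings that occur in exactly one request, with the client that sent it.
# Assumed input: tshark -r capture.pcap -Y http.request -T fields -e ip.src -e http.user_agent
rare_user_agents() {
    LC_ALL=C awk -F'\t' '
        NF >= 2 { count[$2]++; client[$2] = $1 }
        END { for (ua in count) if (count[ua] == 1) print client[ua] "\t" ua }' \
    | LC_ALL=C sort
}

# Constructed sample output in the shape tshark -T fields emits (not a real capture).
sample_dns() {
    printf 'example.com\t192.0.2.10\n'
    printf 'example.com\t192.0.2.10\n'
    printf 'files.example.net\t198.51.100.7,198.51.100.8\n'
}
sample_http() {
    printf '192.0.2.20\tMozilla/5.0 (Windows NT 10.0; Win64; x64)\n'
    printf '192.0.2.21\tMozilla/5.0 (Windows NT 10.0; Win64; x64)\n'
    printf '192.0.2.99\tpython-requests/2.21.0\n'
}

# Run on the samples; swap the sample functions for a tshark pipeline on real data.
sample_dns | dns_summary
sample_http | rare_user_agents
```

The same idea works for any field combination: keep Tshark responsible for dissection and filtering, and do counting or correlation in awk or sort/uniq on the plain text it emits.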


