- # Parsing a pcap capture file with tcpdump, tshark and jq
- ```bash
- tcpdump -r vagrant_up.pcap -w outfile.pcap "dst port 5150"
- tshark -r vagrant_up.pcap -n -T fields -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport
- tshark -r vagrant_up.pcap -T json > /tmp/output.json
- jq '.|length' /tmp/output.json
- jq '.[4000]' /tmp/output.json
- ```
- # Follow a single TCP stream between two nodes (hex dump of the payload)
- ```bash
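- # Reassemble the one TCP stream between 192.168.3.200:46168 and 192.168.3.100:5150 and dump it as hex.
- # -q suppresses the per-packet summary lines, so the output file holds only the followed stream.
- # The dump is raw application payload: treat the file as sensitive and avoid leaving it in shared /tmp.
- tshark -r vagrant_up.pcap -q -z "follow,tcp,hex,192.168.3.200:46168,192.168.3.100:5150" > /tmp/o46168_f5150.follow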
- ```
- # Capture 100 packets with a capture filter and write them in JSON format
- ```bash
- tshark -i enp0s8 -c 100 -n -T json -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport -e data.data -e data.len -e udp 'src host (192.168.3.200 or 192.168.3.100)' | tee /tmp/capture100.json
- ```
- # Per-packet timing and endpoint fields for 1000 packets across nodes (raw input for statistics)
- ```bash
- tshark -i enp0s8 -c 1000 -n -T json -e frame.number -e frame.time_epoch -e frame.time_delta -e ip.src -e tcp.srcport -e udp.srcport -e ip.dst -e tcp.dstport -e udp.dstport -e data.data -e data.len 'src host (192.168.3.200 or 192.168.3.100 or 192.168.3.123 or 192.168.3.2 or 192.168.3.45) and (tcp or udp)'
- ```