Packet Captures: Difference between revisions
→Misc: adv pcaps
m (→TCPDump Filters: tcmpdump general cmd) |
(→Misc: adv pcaps) |
Line 423:
-y <type> Specify the data link type
<br />
== Advanced Packet Filtering ==
((ip.addr==192.168.80.80 or ip.addr==10.1.1.56) and ip.addr==192.168.30.20) and smb
find . -type f | egrep "All.pcap"
for i in `find . -type f | egrep "All.pcap"`; do echo $i; tshark -r $i '((ip.addr==192.168.80.80 or ip.addr==10.1.1.56) and ip.addr==192.168.30.20) and smb' ; echo -e "\n"; done
for i in `find . -type f | egrep "All.pcap"`; do echo $i; tshark -r $i '((ip.addr==192.168.80.80 or ip.addr==10.1.1.56) and ip.addr==192.168.30.20) and smb2' ; echo -e "\n"; done | grep 'error|unknown|denied'
for i in `find . -type f | egrep "All.pcap"`; do echo $i; tshark -r $i '((ip.addr==192.168.80.80 or ip.addr==10.1.1.56) and ip.addr==192.168.30.20) and smb2' ; echo -e "\n"; done | grep -E '(error|unknown|denied)'
for i in `find . -type f | egrep "All.pcap"`; do echo $i; tshark -r $i '((ip.addr==192.168.80.80 or ip.addr==10.1.1.56) and ip.addr==192.168.30.20) and smb2' ; echo -e "\n"; done | grep -E '(error|unknown|denied)' > errors.txt &
for i in `find . -type f | egrep "All.pcap"`; do echo $i; tshark -t a -r $i '((ip.addr==192.168.80.80 or ip.addr==10.1.1.56) and ip.addr==192.168.30.20) and smb2' ; echo -e "\n"; done
for i in `find . -type f | egrep "All.pcap"`; do echo $i; tshark -t ad -r $i '((ip.addr==192.168.80.80 or ip.addr==10.1.1.56) and ip.addr==192.168.30.20) and smb2' ; echo -e "\n"; done > smb-time.txt
for i in `find . -type f | egrep ".txt"`; do echo $i; cat $i ; echo -e "\n"; done | grep smb2.lock
for i in `find . -type f | egrep "All.pcap"`; do echo $i; tcpdump -r $i '((host 192.168.80.80 or host 10.1.1.56) and host 192.168.30.20) and port 445' ; echo -e "\n"; done
= Misc =
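Review bot: The tshark runs split the protocol filter between `smb` (the standalone filter and the first loop) and `smb2` (every later loop), but each Wireshark display filter matches only its own dialect family — `smb` is SMB1 and `smb2` is SMB2/3 — so a single pass with either one silently drops the other, and the `error|unknown|denied` grep can miss exactly the access failures being hunted; use `and (smb || smb2)` in every loop. The loops built on backtick-quoted find with an unquoted `$i` also break on any pcap path containing whitespace, and `egrep "All.pcap"` is an unanchored regex where `.` matches any character; the robust shape is `find . -type f -name '*All.pcap' -print0 | while IFS= read -r -d '' i; do printf '%s\n' "$i"; tshark -r "$i" '…'; printf '\n'; done`. For timeline correlation against host or SIEM logs, note that `-t ad` prints absolute timestamps in the local timezone of the analysis box rather than the capture source; `-t ud` gives UTC and avoids timezone skew when lining up the `smb2.lock` and deny events with Windows event logs.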