Packet Captures: Difference between revisions
→Advanced Packet Filtering: added section
(→Misc: adv pcaps) |
(→Advanced Packet Filtering: added section) |
||
Line 426:
== Advanced Packet Filtering ==
{{UC}}
Wireshark Filter:
((ip.addr==192.168.80.80 or ip.addr==10.1.1.56) and ip.addr==192.168.30.20) and smb
<pre style="width: 2000px; overflow-x: scroll;">
find . -type f | egrep "All.pcap"
for i in `find . -type f | egrep "All.pcap"`; do echo $i; tshark -r $i '((ip.addr==192.168.80.80 or ip.addr==10.1.1.56) and ip.addr==192.168.30.20) and smb' ; echo -e "\n"; done
Line 435 ⟶ 439:
for i in `find . -type f | egrep "All.pcap"`; do echo $i; tshark -t a -r $i '((ip.addr==192.168.80.80 or ip.addr==10.1.1.56) and ip.addr==192.168.30.20) and smb2' ; echo -e "\n"; done
for i in `find . -type f | egrep "All.pcap"`; do echo $i; tshark -t ad -r $i '((ip.addr==192.168.80.80 or ip.addr==10.1.1.56) and ip.addr==192.168.30.20) and smb2' ; echo -e "\n"; done > smb-time.txt
for i in `find . -type f | egrep "All.pcap"`; do echo $i; tcpdump -r $i '((host 192.168.80.80 or host 10.1.1.56) and host 192.168.30.20) and port 445' ; echo -e "\n"; done▼
for i in `find . -type f | egrep ".txt"`; do echo $i; cat $i ; echo -e "\n"; done | grep smb2.lock
</pre>
▲ for i in `find . -type f | egrep "All.pcap"`; do echo $i; tcpdump -r $i '((host 192.168.80.80 or host 10.1.1.56) and host 192.168.30.20) and port 445' ; echo -e "\n"; done
= Misc =
| |||