Wireshark: Difference between revisions
No edit summary |
|||
Line 124: | Line 124: | ||
Search for keywords in the text files created along with traces: |
Search for keywords in the text files created along with traces: |
||
for i in `find . -type f | egrep ".txt"`; do echo $i; cat $i ; echo -e "\n"; done | grep smb2.lock |
for i in `find . -type f | egrep ".txt"`; do echo $i; cat $i ; echo -e "\n"; done | grep smb2.lock |
||
== More Filters == |
|||
;Filter traffic in time range: |
|||
*Show traffic from 10:27 to 10:29 |
|||
tshark -r nstrace1.cap -t ud | egrep -E '2017-07-25 10:2[7-9].' |
|||
*Show traffic from 10:27 to 10:29 |
|||
{{notice|This filter is not tested successfully yet.}} |
|||
tshark -r nstrace1.cap -t ud '(frame.time >= "July 25, 2017 10:26:00.0") && (frame.time == "July 25, 2017 10:30:00.0")' |
|||
;Decode SSL encrypted Traffic: |
|||
{{notice|This filter is not tested successfully yet.}} |
|||
tshark -r nstrace1.cap -t ud | egrep -E '2017-07-25 10:2[7-9].' -o ssl.keys_list:"192.168.3.206","443","http","/home/aman/Downloads/NSTrace/nstrace.sslkeys" |
|||
= Misc = |
= Misc = |
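Review bot: In the decode-SSL command, the `-o ssl.keys_list:...` preference comes after the pipe, so it is consumed by egrep (where `-o` means only-matching and the remaining `ssl.keys_list:"192.168.3.206",...` token is taken as a filename to search, which fails) and never reaches tshark; the option must precede the `|`, e.g. `tshark -r nstrace1.cap -t ud -o ssl.keys_list:"192.168.3.206","443","http","/home/aman/Downloads/NSTrace/nstrace.sslkeys" | egrep '2017-07-25 10:2[7-9].'`. In the time-range filter a few lines earlier, `frame.time == "July 25, 2017 10:30:00.0"` matches only frames with exactly that timestamp rather than everything up to it; a range needs `<=` there, and the 10:26 lower bound does not agree with the "10:27 to 10:29" heading above it. The "not tested successfully yet" notices on both snippets are consistent with these defects, so they should be fixed before the notices are removed. `egrep -E` is redundant, since egrep already implies extended regex.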