Wireshark: Difference between revisions

Content added Content deleted

Inline

@@ Line 124: / Line 124: @@
 Search for keywords in the text files created along with traces:
  for i in `find . -type f | egrep ".txt"`; do echo $i; cat $i ; echo -e "\n"; done | grep smb2.lock
+== More Filters ==
+;Filter traffic in time range:
+*Show traffic from 10:27 to 10:29
+ tshark -r nstrace1.cap -t ud | egrep -E '2017-07-25 10:2[7-9].'
+*Show traffic from 10:27 to 10:29
+{{notice|This filter is not tested successfully yet.}}
+ tshark -r nstrace1.cap -t ud '(frame.time >= "July 25, 2017 10:26:00.0") && (frame.time == "July 25, 2017 10:30:00.0")'
+;Decode SSL encrypted Traffic:
+{{notice|This filter is not tested successfully yet.}}
+ tshark -r nstrace1.cap -t ud | egrep -E '2017-07-25 10:2[7-9].' -o ssl.keys_list:"192.168.3.206","443","http","/home/aman/Downloads/NSTrace/nstrace.sslkeys"
 = Misc =