Tshark -i wlan0 -Y http.request -T fields -e http.host -e er_agent Mozilla/5.0 (X11 Ubuntu Linux x86_64 rv:36.0) Gecko/20100101 Firefox/36.0 Using the -T we specify we want to extract fields, and with the -e options we identify which fields we want to extract. In the following example, we extract data from any HTTP requests that are seen. Capture Packets with Tshark tshark -i wlan0 -w capture-output.pcap Read a Pcap with Tshark tshark -r capture-output.pcap HTTP Analysis with Tshark As you can see, the syntax for capturing and reading a pcap is very similar to tcpdump. Use these as the basis for starting to build your extraction commands.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |