Tuesday, February 28, 2012

just a few tshark commands

Just a few tshark commands to get you some information on a pcap file.

  • List the hosts involved (if you need a guess at the canonical name, don't use "-n")

             tshark -r my.pcap -z ip_hosts,tree -qn

  • Try out OS fingerprinting on the hosts involved in the pcap by doing

             p0f -s my.pcap -N


  • If you want to see the TCP sessions involved, you can do

             tshark -r my.pcap -qnz conv,tcp

  • To view information about the pcap file itself, such as the duration over which the packets were captured, you could do

             capinfos attack-trace.pcap

