As much as I like using Wireshark, I'm a sucker for a command-line interface. The trouble is that properly defining a capture filter has been difficult, to say the least. This is a boring, simple post, but below is a list of brief tcpdump examples with descriptions.
#!/bin/bash
# Each line captures the first 10 packets seen on wlan0 and writes them, raw, to
# /tmp/data.pcap (every example overwrites the same file). Options are given before
# the filter expression so the lines work with any getopt; live capture needs root
# or CAP_NET_RAW.
#--grab the first 10 packets and write to file
tcpdump -c 10 -i wlan0 -w /tmp/data.pcap
#--grab the first 10 packets to/from host and write to file
tcpdump -c 10 -i wlan0 -w /tmp/data.pcap host 192.168.1.125
#--grab the first 10 packets from host and write to file
tcpdump -c 10 -i wlan0 -w /tmp/data.pcap src host 192.168.1.125
#--grab the first 10 packets to host and write to file
tcpdump -c 10 -i wlan0 -w /tmp/data.pcap dst host 192.168.1.125
#--grab the first 10 packets to/from port and write to file ('port' matches TCP or UDP; use 'tcp port 80' to narrow it)
tcpdump -c 10 -i wlan0 -w /tmp/data.pcap port 80
#--grab the first 10 packets to/from net and write to file ('net 192.168.1' is shorthand for 192.168.1.0/24)
tcpdump -c 10 -i wlan0 -w /tmp/data.pcap net 192.168.1
#--grab the first 10 packets from net and write to file
tcpdump -c 10 -i wlan0 -w /tmp/data.pcap src net 192.168.1
#--grab the first 10 packets to net and write to file
tcpdump -c 10 -i wlan0 -w /tmp/data.pcap dst net 192.168.1
#--grab the first 10 packets to host on port 443 and write to file (quote compound filters so the shell leaves the parentheses alone)
tcpdump -c 10 -i wlan0 -w /tmp/data.pcap '(dst host 192.168.1.125) and (port 443)'
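To see exactly what those primitives match without touching a live NIC, here is an added example (mine, not part of the original post): a small pure-Python model of `host`, `src host`, `dst host`, `port`, `net` and `and`, run over a classic pcap file of the kind `tcpdump -w` produces. The pcap bytes and every packet in them are constructed inline (Ethernet link type, IPv4 only, made-up addresses such as 93.184.216.34 and 10.0.0.5); nothing here is captured traffic, and checksums are left zero because the filter engine never looks at them.

```python
"""Offline model of tcpdump filter primitives applied to a classic libpcap file.
Added example: the packets and pcap bytes below are constructed, not captured."""
import ipaddress
import struct
from collections import namedtuple

LINKTYPE_ETHERNET = 1  # DLT_EN10MB, what a capture on wlan0/eth0 is written as

Pkt = namedtuple("Pkt", "src dst proto sport dport")


def build_frame(src_ip, dst_ip, proto, sport, dport):
    """Constructed Ethernet/IPv4/{TCP,UDP} frame with zero MACs and zero checksums."""
    if proto == 6:   # TCP: 20-byte header, data offset 5, SYN set
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    else:            # UDP: 8-byte header
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    eth = bytes(6) + bytes(6) + struct.pack("!H", 0x0800)  # EtherType IPv4
    return eth + ip + l4


def build_pcap(frames):
    """Classic pcap, little-endian magic 0xa1b2c3d4, as written by tcpdump -w."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def read_pcap(data):
    """Yield raw frames from a classic pcap byte string; both byte orders accepted."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic == 0xA1B2C3D4:
        e = "<"
    elif magic == 0xD4C3B2A1:
        e = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    (linktype,) = struct.unpack_from(e + "I", data, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("this decoder only understands Ethernet frames")
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from(e + "IIII", data, off)
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def decode(frame):
    """Ethernet -> IPv4 -> TCP/UDP ports. Returns None for non-IPv4 frames."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    src = str(ipaddress.IPv4Address(frame[26:30]))
    dst = str(ipaddress.IPv4Address(frame[30:34]))
    l4 = 14 + ihl
    if proto in (6, 17) and len(frame) >= l4 + 4:
        sport, dport = struct.unpack_from("!HH", frame, l4)
        return Pkt(src, dst, proto, sport, dport)
    return Pkt(src, dst, proto, None, None)


# Predicates with the semantics of the tcpdump primitives of the same name.
def host(ip):
    return lambda p: ip in (p.src, p.dst)          # either direction

def src_host(ip):
    return lambda p: p.src == ip

def dst_host(ip):
    return lambda p: p.dst == ip

def port(n):
    return lambda p: n in (p.sport, p.dport)      # TCP or UDP, either direction

def net(cidr):                                    # 'net 192.168.1' == 192.168.1.0/24
    n = ipaddress.ip_network(cidr)
    return lambda p: ipaddress.IPv4Address(p.src) in n or ipaddress.IPv4Address(p.dst) in n

def src_net(cidr):
    n = ipaddress.ip_network(cidr)
    return lambda p: ipaddress.IPv4Address(p.src) in n

def dst_net(cidr):
    n = ipaddress.ip_network(cidr)
    return lambda p: ipaddress.IPv4Address(p.dst) in n

def both(*preds):                                 # the filter language's 'and'
    return lambda p: all(f(p) for f in preds)


def count_matching(pcap_bytes, predicate):
    """Number of IPv4 packets in the file that the predicate would let through."""
    pkts = (decode(f) for f in read_pcap(pcap_bytes))
    return sum(1 for p in pkts if p is not None and predicate(p))


# Constructed traffic: one LAN host doing HTTPS, a DNS query, two HTTP connections.
SAMPLE_PCAP = build_pcap([
    build_frame("192.168.1.125", "93.184.216.34", 6, 51000, 443),
    build_frame("93.184.216.34", "192.168.1.125", 6, 443, 51000),
    build_frame("192.168.1.7", "8.8.8.8", 17, 40000, 53),
    build_frame("10.0.0.5", "192.168.1.125", 6, 40001, 80),
    build_frame("10.0.0.5", "10.0.0.9", 6, 40002, 80),
])

if __name__ == "__main__":
    for label, pred in [("host 192.168.1.125", host("192.168.1.125")),
                        ("port 80", port(80)),
                        ("net 192.168.1.0/24", net("192.168.1.0/24")),
                        ("dst host 192.168.1.125 and port 443",
                         both(dst_host("192.168.1.125"), port(443)))]:
        print(f"{label:40s} {count_matching(SAMPLE_PCAP, pred)} packets")
```

The point worth internalising from running it: `host` and `port` are bidirectional and `port` is protocol-agnostic, so `port 80` also pulls in UDP/80 and `host X` pulls in replies to X, which is why the last line of the script above needs `dst host` and the `and` to isolate inbound HTTPS to one machine. For anything beyond a quick count, feed the same file back to the real parser with `tcpdump -nn -r /tmp/data.pcap 'filter'`; the model here exists only to make the semantics visible.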
Now, go put your virtual ear to a NIC and hear whatcha hear.
Cheers.