Tools/Commands

Tool

  • tshark

  • arpspoof

Commands

  • tshark -D // list interfaces

  • sudo tshark -i eth0

  • tshark -r <file>.pcap

  • tshark -r <file>.pcap -z io,phs -q // protocol hierarchy statistics

  • tshark -r <file>.pcap -Y 'http'

  • tshark -r <file>.pcap -Y 'ip.src==<ip> && ip.dst==<ip>'

  • tshark -r <file>.pcap -Y 'http.request.method==<httpmethod>' // filter

  • tshark -r <file>.pcap -Y 'http.request.method==<httpmethod>' -Tfields -e frame.time -e ip.src -e http.request.full_uri // filter with field selection

  • tshark -r <file>.pcap -Y 'http contains "password"'

  • tshark -r <file>.pcap -Y 'http.request.method==<httpmethod> && http.host==<host>'

  • tshark -r <file>.pcap -Y 'ip contains "amazon.in" && ip.src==<ip>' -Tfields -e ip.src -e http.cookie -e http.user_agent

  • echo 1 > /proc/sys/net/ipv4/ip_forward // enable IPv4 forwarding (run as root)

  • arpspoof -i <interface> -t <target ip> -r <reply ip>

  • tshark -r <file>.pcap -Y 'wlan'

  • tshark -r <file>.pcap -Y 'wlan.fc.type_subtype==0x000c' // deauthentication frames

  • tshark -r <file>.pcap -Y 'wlan.fc.type_subtype==0x000c' -Tfields -e wlan.ra

  • tshark -r <file>.pcap -Y 'wlan.ssid==LazyArtists' -Tfields -e wlan.bssid -e wlan_radio.channel

  • tshark -r <file>.pcap -Y 'wlan.fc.type_subtype==8' -Tfields -e wlan.ssid -e wlan.bssid // beacon frames
