Tshark -r sample1.cap -R http.request -T fields -e http.host -e | sed -e 's/?.*$//' | sed -e 's#^\(.*\)\t\(.*\)$# | sort | uniq -c | sort -rn | headDisplay Source IP and MAC Address. Tshark -o "tcp.desegment_tcp_streams:TRUE" -i eth0 -R "http.response" -T fields -e Display Top 10 URLs
Use the options -T, -E and -e (see man pages for infos) For creating a " " separated file with "source IP" "destination IP" and "Destination Port" from all with SYN initiated connections, you can use following sample:
0 kommentar(er)
