A few useful tshark commands I’ve used;
1 2 3 4 5 6 7 8 |
sudo apt install tshark sudo tshark -Y http.request -T fields -e http.request.full_uri sudo tshark -Y http.response -T fields -e http.request.full_uri sudo tshark -Y http.request || http.response -T fields sudo tshark -Y http.request || http.response -T fields -e http.request.full_uri sudo tshark -Y http.request.method==POST -T fields -e http.file_data sudo tshark -Y ip.addr==X.X.X.X -T fields -e frame.number -e frame.time -e ip.src -e ip.dst -e http.file_data sudo tshark -Y ip.addr==X.X.X.X -T fields -e frame.number -e frame.time -e ip.src -e ip.dst -e _ws.col.Protocol -e ip.len -e _ws.col.Info -e http.file_data |
by