Network & Protocols
  • Introduction
  • Chapter1: protocol for industrial
    • 1.1.modbus
  • Chapter2: Protocol for IOT
    • 2.1.MQTT
      • 2.1.1.Introduction: What is MQTT?
      • 2.1.2.Install mosquitto on Windows 7
      • 2.1.3.Install M2Mqtt by Nuget, Example code
  • Chapter3: Protocol for network
    • 3.1.網路模型與協定
    • 3.2.HTTP
      • 3.2.1.Basic concept
      • 3.2.2.Session & Cookie
    • 3.3.TCP/IP
    • 3.4.UDP
    • 3.5.子網路(subnet)
    • 3.6.子網路間的通訊
    • 3.7.路由
  • Chapter4: Protocol for Wireless network
    • 4.1.BLE, IBeacon
  • Chapter5: Cellular and Wifi
    • 5.1.Cellular module
      • 5.1.1.AT Command
      • 5.1.2.各家常用模組
        • 5.1.2.1.Cinterion
          • 5.1.2.1.1.PLS8-E
          • 5.1.2.1.2.PLS8-X
          • 5.1.2.1.3.PLS8-US
        • 5.1.2.2.Sierra
          • 5.1.2.2.1.MC-7354
        • 5.1.2.3.Telit
          • 5.1.2.3.1.LE910-EUG
          • 5.1.2.3.2.LE910-NAG
      • 5.1.3.用儀器測試Throughput
    • 5.2.MBIM for Windows
    • 5.3.Wireshark
      • 5.3.1.Capture filter
      • 5.3.2.Cli command
      • 5.3.3.Monitor mode
      • 5.3.4.Work with ssh
    • 5.4.LTE
      • 5.4.1.Introduction
      • 5.4.2.Types of networks
      • 5.4.3.Elements of access and core networks
      • 5.4.4.What's LTE different?
      • 5.4.5.LTE訊息傳輸
      • 5.4.6.3GPP (Generation Partnership Project)
      • 5.4.7.FDD, TDD, Half Duplex FDD
      • 5.4.8.Beared Types
Powered by GitBook
On this page

Was this helpful?

  1. Chapter5: Cellular and Wifi
  2. 5.3.Wireshark

5.3.2.Cli command

Previous5.3.1.Capture filterNext5.3.3.Monitor mode

Last updated 5 years ago

Was this helpful?

  • 1.tshark commands:

  • 2.list all interface

      tshark -D

  • 3.listen specific interface

      tshark -i <interface>

  • 4.listen specific interface and write to file

      tshark -i en0 -w /tmp/testCap.pcap

  • 5.listen specific interface with time limitation

      tshark -i en0 -a duration:10

  • 6.Listen specific interface and write to files with specific filesize

    • 1.-i: 指定要被監聽的interface

    • 2.-f: capture filter

    • 3.-b: 指定什麼condition下要產生另一個file

    • 4.-a: 指定什麼condition下要停止監聽

    • 5.-w: 產生檔案

    • 6.80:HTTP/ 443:HTTPS/ 53:DNS

                tshark -i en0 -f "port 80 or port 443 or port 53" -b filesize:5 -a filesize:3 -w /tmp/UPDATE.pcap

    • mac安裝watch

                brew install watch

    • 用watch監看檔案變化

                watch -n 1 "ls -l"

  • 7.Read record from files

    • ex1.

           tshark -r /tmp/testCap.pcap -T fields -e ip

    • ex2.

           tshark -r /tmp/testCap.pcap -T fields -e ip.src | uniq

  • 8.Read record from files, format to csv

    • 1.-r: 指定要讀取的pcap檔案

    • 2.-T: 指定欄位

    • 3.-e: 指定要取出什麼資料

    • 4.-E

    • 5.-w: 產生檔案

    • ex1. 

        tshark -r /tmp/samplecapture.pcap -T fields -e frame.number -e ip.src -e ip.dst -e tcp.dstport -E header=y -E separator=, -E quote=d -E occurrence=f > /tmp/sample.csv