{"id":9224,"date":"2024-07-24T13:42:47","date_gmt":"2024-07-24T04:42:47","guid":{"rendered":"https:\/\/www.skyer9.pe.kr\/wordpress\/?p=9224"},"modified":"2024-07-25T11:01:07","modified_gmt":"2024-07-25T02:01:07","slug":"tshark-%ec%82%ac%ec%9a%a9%eb%b2%95-2","status":"publish","type":"post","link":"https:\/\/www.skyer9.pe.kr\/wordpress\/?p=9224","title":{"rendered":"tshark \uc0ac\uc6a9\ubc95"},"content":{"rendered":"

tshark \uc0ac\uc6a9\ubc95<\/h1>\n

\ucc38\uc870<\/a><\/p>\n

\ucc38\uc870<\/a><\/p>\n

\uc124\uce58<\/h2>\n
sudo apt install tshark<\/code><\/pre>\n
\ub514\ubc14\uc774\uc2a4 \ubaa9\ub85d \ubcf4\uae30<\/h2>\n
\ub77c\uc988\ubca0\ub9ac\ud30c\uc7744 \uc5d0\uc11c \uc2e4\ud589\ud558\uba74 \uc544\ub798\uc640 \uac19\uc740 \ub514\ubc14\uc774\uc2a4\uac00 \ud655\uc778\ub41c\ub2e4.<\/p>\n
tshark -D<\/code><\/pre>\n
1. wlan0\n2. any\n3. lo (Loopback)\n4. eth0\n5. bluetooth0\n6. bluetooth-monitor\n7. nflog\n8. nfqueue\n9. dbus-system\n10. dbus-session\n11. ciscodump (Cisco remote capture)\n12. dpauxmon (DisplayPort AUX channel monitor capture)\n13. randpkt (Random packet generator)\n14. sdjournal (systemd Journal Export)\n15. sshdump (SSH remote capture)\n16. udpdump (UDP Listener remote capture)<\/code><\/pre>\n
\uac04\ub2e8 \uc0ac\uc6a9\ubc95<\/h2>\n
\ub514\ubc14\uc774\uc2a4 \ubc88\ud638\ub97c \uc0ac\uc6a9\ud574\ub3c4 \ub418\uace0 \uc774\ub984\uc744 \uc0ac\uc6a9\ud574\ub3c4 \ub41c\ub2e4.
\n-i<\/code> \ub294 interface \ub97c \uc758\ubbf8\ud55c\ub2e4.<\/p>\n
# tshark -i 1\ntshark -i wlan0<\/code><\/pre>\n
Capturing on 'wlan0'\n ** (tshark:28293) 10:50:56.852792 [Main MESSAGE] -- Capture started.\n ** (tshark:28293) 10:50:56.853346 [Main MESSAGE] -- File: "\/tmp\/wireshark_wlan0Z9DWR2.pcapng"\n    1 0.000000000 192.168.0.103 \u2192 192.168.0.XXX SSH 198 Server: Encrypted packet (len=144)\n    2 0.000210091 192.168.0.103 \u2192 192.168.0.XXX SSH 214 Server: Encrypted packet (len=160)<\/code><\/pre>\n
\ud544\ud130(\uac80\uc0c9\uc870\uac74 \ucd94\uac00)<\/h2>\n
\ud3ec\ud2b8\uc640 \uc544\uc774\ud53c\ub97c \uac80\uc0c9\uc870\uac74\uc5d0 \ucd94\uac00\ud560 \uc218 \uc788\ub2e4.
\n\uac80\uc0c9\uc870\uac74\uc740 &&<\/code>, ||<\/code>, ==<\/code>, !=<\/code> \ub4f1\uc744 \uc0ac\uc6a9\ud560 \uc218 \uc788\ub2e4.
\n\ub610\ud55c \uad04\ud638\ub97c \uc0ac\uc6a9\ud560 \uc218 \uc788\ub2e4.<\/p>\n
\ud544\ub4dc\uba85\uc740 \uac80\uc0c9\ud558\ub824\ub294 \uc778\ud130\ud398\uc774\uc2a4\ub9c8\ub2e4 \uc0c1\uc774\ud558\ubbc0\ub85c \ub530\ub85c \uac80\uc0c9\uc744 \ud574\uc57c \ud55c\ub2e4.<\/p>\n
tshark -i wlan0 -Y 'tcp.port == 22 && ip.addr == 192.168.0.XXX'\n# tshark -i wlan0 -Y '(tcp.port == 22 && ip.addr == 192.168.0.XXX)'<\/code><\/pre>\n
\ucd9c\ub825\ud544\ub4dc \uc9c0\uc815<\/h2>\n
-T fields<\/code> \uc635\uc158\uc744 \uc8fc\uc5b4\uc11c \ucd9c\ub825\ub420 \ud544\ub4dc\ub97c \uc9c0\uc815\ud574 \uc904 \uc218 \uc788\ub2e4.
\n\ud0ed(tab) \ubb38\uc790\ub97c \uac80\uc0c9\uc870\uac74\uc5d0 \ub123\uace0\uc2f6\uc73c\uba74 Ctrl-V<\/code> \uc785\ub825 \ud6c4 \ud0ed\ud0a4\ub97c \ub20c\ub7ec\uc8fc\uba74 \ub41c\ub2e4.<\/p>\n
tshark -G fields | grep -E "      tcp\\."\ntshark -i wlan0 -Y 'tcp.port == 22' -T fields -e tcp.port -e ip.addr<\/code><\/pre>\n
\uae30\ud0c0 \uc635\uc158<\/h2>\n
-t a<\/code> \ub294 \uc2dc\uac04\uc744 \ud45c\uc2dc\ud55c\ub2e4.
\n--color<\/code> \ub294 \uc0c9\uc0c1\uc744 \ubd80\uc5ec\ud55c\ub2e4.<\/p>\n
tshark -i 1 -Y 'tcp.port == 80 && ip.addr == 192.168.1.10' -t a --color<\/code><\/pre>\n
\ud544\ud130(\uac80\uc0c9\uc870\uac74) \uc790\uc138\ud788<\/h2>\n
\ube44\uad50\uc5f0\uc0b0<\/h3>\n\n\n\n\n\n
\uac19\ub2e4<\/th>\n\ub2e4\ub974\ub2e4<\/th>\n\ud06c\ub2e4<\/th>\n\ud06c\uac70\ub098 \uac19\ub2e4<\/th>\n\uc791\ub2e4<\/th>\n\uc791\uac70\ub098 \uac19\ub2e4<\/th>\n<\/tr>\n<\/thead>\n
eq \ub610\ub294 ==<\/td>\nne \ub610\ub294 !=<\/td>\ngt \ub610\ub294 ><\/td>\nge \ub610\ub294 >=<\/td>\nlt \ub610\ub294 <<\/td>\nle \ub610\ub294 <=<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
\ub17c\ub9ac\uc5f0\uc0b0<\/h3>\n\n\n\n\n\n
\ub17c\ub9ac\uacf1<\/th>\n\ub17c\ub9ac\ud569<\/th>\n\ubc30\ud0c0\uc801 \ub17c\ub9ac\ud569<\/th>\n\ub17c\ub9ac\ubd80\uc815<\/th>\n<\/tr>\n<\/thead>\n
and \ub610\ub294 &&<\/td>\nor \ub610\ub294 ||<\/td>\nxor \ub610\ub294 ^^<\/td>\nnot \ub610\ub294 !<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
\uae30\ud0c0 \ud45c\ud604\uc2dd<\/h3>\n
contains<\/code><\/p>\n
http.host contains "google.com"<\/code><\/pre>\n
syn<\/code><\/p>\n
tcp.flags.syn eq 0x02<\/code><\/pre>\n
get<\/p>\n
http.request.method == GET<\/code><\/pre>\n
\ud544\ud130 \uac00\ub2a5\ud55c \ud544\ub4dc \ubaa9\ub85d<\/h3>\n
\uadf8\ub0e5 \uac80\uc0c9\ud558\uba74 \uc5c4\uccad\ub098\uac8c \ub9ce\uc740 \ud544\ub4dc\uac00 \ub72c\ub2e4.
\ngrep \uc744 \uac78\uc5b4\uc11c \uc0ac\uc6a9\ud558\uc790.<\/p>\n
# tshark -G fields\ntshark -G fields | grep "http."\ntshark -G fields | grep -E "http[2|3]?\\."<\/code><\/pre>\n
\ud0ed(tab) \ubb38\uc790\ub97c \uac80\uc0c9\uc870\uac74\uc5d0 \ub123\uace0\uc2f6\uc73c\uba74 Ctrl-V<\/code> \uc785\ub825 \ud6c4 \ud0ed\ud0a4\ub97c \ub20c\ub7ec\uc8fc\uba74 \ub41c\ub2e4.<\/p>\n
tshark -G fields | grep -E "      bth"<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
tshark \uc0ac\uc6a9\ubc95 \ucc38\uc870 \ucc38\uc870 \uc124\uce58 sudo apt install tshark \ub514\ubc14\uc774\uc2a4 \ubaa9\ub85d \ubcf4\uae30 \ub77c\uc988\ubca0\ub9ac\ud30c\uc7744 \uc5d0\uc11c \uc2e4\ud589\ud558\uba74 \uc544\ub798\uc640 \uac19\uc740 \ub514\ubc14\uc774\uc2a4\uac00 \ud655\uc778\ub41c\ub2e4. tshark -D 1. wlan0 2. any 3. lo (Loopback) 4. eth0 5. bluetooth0 6. bluetooth-monitor 7. nflog 8. nfqueue 9. dbus-system 10. dbus-session 11. ciscodump (Cisco remote capture) 12. dpauxmon (DisplayPort AUX channel monitor capture) 13.\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[],"class_list":["post-9224","post","type-post","status-publish","format-standard","hentry","category-devops"],"_links":{"self":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/9224","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9224"}],"version-history":[{"count":8,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/9224\/revisions"}],"predecessor-version":[{"id":9234,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/9224\/revisions\/9234"}],"wp:attachment":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9224"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9224"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9224"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}