Tuesday, February 23, 2010

Love for the Wireshark

In my last post, in a somewhat sarcastic tone, I discussed a simple batch file to make use of mergecap.exe. After that long post, I still feel like discussing the awesomeness that is Wireshark.
So, here I offer two quick tidbits:

A GREAT reference sheet (the same site also has a tcpdump sheet):
http://www.packetlife.net/media/library/13/Wireshark_Display_Filters.pdf

An example of how simple that power is to use:
If I know that I want TCP streams 4, 9, 71, and 120, I can extract them easily by:
- entering the filter:
tcp.stream eq 4 || tcp.stream eq 9 || tcp.stream eq 71 || tcp.stream eq 120
- applying said filter
- selecting "File" -> "Save As"
- in the bottom left of the 'Save As' window there is a boxed-in area; select the "Displayed" radio button in the right-hand column
- giving your file a name
You now have a pcap file of just the TCP streams you want!
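The same selection done outside the GUI, as an added example that is not from the original post: a small Python 3 script (standard library only) that reads a pcap, numbers TCP conversations the way the tcp.stream field does, and writes out only the wanted streams. It assumes Wireshark's numbering rule is "one index per bidirectional address/port pair, in order of first appearance" (an approximation; a capture that reuses a port pair may be split differently by Wireshark), and the sample capture is constructed inline.

```python
import struct
# Constructed sample input: a little-endian pcap global header, link type 1 = Ethernet.
PCAP_GLOBAL_HEADER = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)

def tcp_frame(src, sport, dst, dport):
    """Build one pcap record holding a payload-less Ethernet/IPv4/TCP frame (checksums zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x10, 8192, 0, 0)
    return struct.pack("<IIII", 0, 0, 54, 54) + eth + ip + tcp  # 14 + 20 + 20 byte frame

SAMPLE_PCAP = PCAP_GLOBAL_HEADER + b"".join([
    tcp_frame("10.0.0.1", 40000, "10.0.0.2", 80),   # first conversation  -> tcp.stream 0
    tcp_frame("10.0.0.1", 40001, "10.0.0.3", 443),  # second conversation -> tcp.stream 1
    tcp_frame("10.0.0.2", 80, "10.0.0.1", 40000),   # reply direction, still stream 0
    tcp_frame("10.0.0.5", 5555, "10.0.0.2", 22),    # third conversation  -> tcp.stream 2
    tcp_frame("10.0.0.3", 443, "10.0.0.1", 40001),  # still stream 1
])

def pcap_records(data):
    """Yield (record_header, frame) pairs from a little-endian pcap blob."""
    off = 24
    while off + 16 <= len(data):
        hdr = data[off:off + 16]
        caplen = struct.unpack("<I", hdr[8:12])[0]
        yield hdr, data[off + 16:off + 16 + caplen]
        off += 16 + caplen

def tcp_endpoints(frame):
    """Return ((src, sport), (dst, dport)) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    return (frame[26:30], sport), (frame[30:34], dport)

def filter_streams(pcap, wanted):
    """Keep only packets whose tcp.stream index is in `wanted` (assumes Wireshark numbers
    streams 0, 1, 2, ... by first appearance, one index per bidirectional address/port pair)."""
    streams, kept = {}, []
    out = bytearray(pcap[:24])  # keep the global header
    for hdr, frame in pcap_records(pcap):
        if (ends := tcp_endpoints(frame)) is None:
            continue  # non-TCP or truncated frame: never matches the filter
        idx = streams.setdefault(frozenset(ends), len(streams))
        if idx in wanted:
            out += hdr + frame
            kept.append(idx)
    return bytes(out), kept
```

`filter_streams(SAMPLE_PCAP, {0, 2})` is the equivalent of applying `tcp.stream eq 0 || tcp.stream eq 2` and saving only the displayed packets; the returned bytes can be written to a .pcap file and opened in Wireshark.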