{"id":13765,"date":"2023-08-16T07:06:10","date_gmt":"2023-08-15T22:06:10","guid":{"rendered":"https:\/\/lab4ict.com\/system\/?p=13765"},"modified":"2023-08-20T08:38:22","modified_gmt":"2023-08-19T23:38:22","slug":"tshark%e3%81%a7%e3%83%91%e3%82%b1%e3%83%83%e3%83%88%e3%82%ad%e3%83%a3%e3%83%97%e3%83%81%e3%83%a3%e3%82%92%e8%a1%8c%e3%81%86%ef%bc%81","status":"publish","type":"post","link":"https:\/\/lab4ict.com\/system\/archives\/13765","title":{"rendered":"Capturing Packets with TShark! (Filtering)"},"content":{"rendered":"<p>This article captures packets with TShark, which ships with Wireshark.<br \/>\n<!--more--><\/p>\n<h2>Run the tshark command with no arguments!<\/h2>\n<p>Running the tshark command with no arguments starts a packet capture.<\/p>\n<pre class=\"brush: plain; highlight: [1]; title: ; notranslate\" title=\"\">\r\n$ sudo tshark\r\nRunning as user &quot;root&quot; and group &quot;root&quot;. 
This could be dangerous.\r\nCapturing on 'enp0s3'\r\n    1 0.000000000     10.1.0.1 \u2192 239.255.255.250 SSDP 375 NOTIFY * HTTP\/1.1 \r\n    2 0.000205847     10.1.0.1 \u2192 239.255.255.250 SSDP 381 NOTIFY * HTTP\/1.1 \r\n    3 0.000730901     10.1.0.1 \u2192 239.255.255.250 SSDP 322 NOTIFY * HTTP\/1.1 \r\n<\/pre>\n<h2>Check the devices available for packet capture!<\/h2>\n<p>The -D option lists the devices on which packets can be captured.<\/p>\n<pre class=\"brush: plain; highlight: [1]; title: ; notranslate\" title=\"\">\r\n$ sudo tshark -D\r\nRunning as user &quot;root&quot; and group &quot;root&quot;. This could be dangerous.\r\n1. enp0s3\r\n2. lo (Loopback)\r\n3. any\r\n4. bluetooth-monitor\r\n5. nflog\r\n6. nfqueue\r\n7. usbmon0\r\n8. usbmon1\r\n9. usbmon2\r\n10. ciscodump (Cisco remote capture)\r\n11. sshdump (SSH remote capture)\r\n12. udpdump (UDP Listener remote capture)\r\n<\/pre>\n<h2>Capture packets on a specified network interface!<\/h2>\n<p>The -i option specifies the network interface on which to capture packets.<\/p>\n<pre class=\"brush: plain; highlight: [1]; title: ; notranslate\" title=\"\">\r\n$ sudo tshark -i enp0s3\r\nRunning as user &quot;root&quot; and group &quot;root&quot;. This could be dangerous.\r\nCapturing on 'enp0s3'\r\n    1 0.000000000 Dell_a8:15:eb \u2192 Broadcast    ARP 60 Who has 10.1.20.2? 
Tell 10.1.1.11\r\n    2 0.570328567   10.1.12.11 \u2192 10.1.1.1     SSH 198 Server: Encrypted packet (len=132)\r\n    3 0.570496162     10.1.1.1 \u2192 10.1.12.11   TCP 66 43162 \u2192 22 &#x5B;ACK] Seq=1 Ack=133 Win=501 Len=0 TSval=2933654675 TSecr\r\n<\/pre>\n<h2>Capture with a filter!<\/h2>\n<p>The -f option applies a filter to the capture. Filter conditions are written in the same syntax as tcpdump.<\/p>\n<pre class=\"brush: plain; highlight: [1]; title: ; notranslate\" title=\"\">\r\n$ sudo tshark -i enp0s3 -f &quot;port 22&quot;\r\nRunning as user &quot;root&quot; and group &quot;root&quot;. This could be dangerous.\r\nCapturing on 'enp0s3'\r\n    1 0.000000000     10.1.1.1 \u2192 10.1.12.11   SSH 118 Client: Encrypted packet (len=52)\r\n    2 0.000079399   10.1.12.11 \u2192 10.1.1.1     SSH 94 Server: Encrypted packet (len=28)\r\n    3 0.000241100     10.1.1.1 \u2192 10.1.12.11   TCP 66 42458 \u2192 22 &#x5B;ACK] Seq=53 Ack=29 Win=12289 Len=0 TSval=863525637 TSecr=3588349139\r\n    4 0.732811042   10.1.12.11 \u2192 10.1.1.1     SSH 422 Server: Encrypted packet (len=356)\r\n<\/pre>\n<p>Compound conditions can also be specified, just as in tcpdump.<\/p>\n<pre class=\"brush: plain; highlight: [1]; title: ; notranslate\" title=\"\">\r\n$ sudo tshark -i enp0s3 -f &quot;port 22 and host 10.1.1.1&quot;\r\nRunning as user &quot;root&quot; and group &quot;root&quot;. 
This could be dangerous.\r\nCapturing on 'enp0s3'\r\n    1 0.000000000     10.1.1.1 \u2192 10.1.12.11   SSH 118 Client: Encrypted packet (len=52)\r\n    2 0.000077598   10.1.12.11 \u2192 10.1.1.1     SSH 94 Server: Encrypted packet (len=28)\r\n    3 0.000228034     10.1.1.1 \u2192 10.1.12.11   TCP 66 42458 \u2192 22 &#x5B;ACK] Seq=53 Ack=29 Win=12289 Len=0 TSval=863683842 TSecr=3588507352\r\n    4 0.735861943   10.1.12.11 \u2192 10.1.1.1     SSH 422 Server: Encrypted packet (len=356)\r\n<\/pre>\n<h2>Conclusion<\/h2>\n<p>TShark, which ships with Wireshark, can capture packets in the same way as tcpdump.<\/p>\n<h2>Related articles<\/h2>\n<div class=\"sc_getpost\"><a class=\"clearfix\" href=\"https:\/\/lab4ict.com\/system\/archives\/13597\" ><div class=\"sc_getpost_thumb post-box-thumbnail__wrap\"><img decoding=\"async\" src=\"data:image\/gif;base64,R0lGODdhAQABAPAAAN3d3QAAACwAAAAAAQABAAACAkQBADs=\" width=\"150\" height=\"150\" alt=\"[Article list] Mastering Linux network commands!\" loading=\"lazy\" data-src=\"https:\/\/lab4ict.com\/system\/wp-content\/uploads\/2021\/02\/fi_linux_01-150x150.png\" class=\"lazyload\"><\/div><div class=\"title\">[Article list] Mastering Linux network commands!<\/div><div 
class=\"substr\">A list of articles for mastering Linux network commands....<\/div><\/a><\/div>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This article captures packets with TShark, which ships with Wireshark.<\/p>\n","protected":false},"author":1,"featured_media":5527,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[874],"tags":[906,905,309,408,914,853],"class_list":["post-13765","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-network-linux","tag-tshark","tag-wireshark","tag-309","tag-408","tag-914","tag-853"],"_links":{"self":[{"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/posts\/13765","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/comments?post=13765"}],"version-history":[{"count":12,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/posts\/13765\/revisions"}],"predecessor-version":[{"id":13920,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/posts\/13765\/revisions\/13920"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/media\/5527"}],"wp:attachment":[{"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/media?parent=13765"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/categories?post=13765"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lab
4ict.com\/system\/wp-json\/wp\/v2\/tags?post=13765"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}