2010. 8. 18. 15:10

Packet capture - tshark, snoop, tcpdump

Commands for capturing packets from the CLI...

# Usage - tshark, snoop, tcpdump
- tshark ether host 00:21:5e:4d:cc:8c
- tshark -i eth0 host 192.168.133.110 -w tmp.pcap
: -w <file-name> writes the raw capture to a file instead of printing decoded packets
- snoop -d bge3 -o t1.pcap 192.168.133.129
: snoop (Solaris) uses -d for the interface and -o for the output file
- snoop -d bge0 src 192.168.142.35 (or dst 192.168.142.35 to match only traffic to that host)

- tcpdump -i eth0 host 34.34.34.1 -w <file-name>


# example

: http://www.codealias.info/technotes/capture_and_analysis_of_radius_traffic_with_tshark


# Capturing packets per protocol
- radius filter : tshark -f "udp port 1812" -i eth0 # capture RADIUS messages
- dns filter : tshark -i eth0 udp port 53
- dhcp filter : tshark -i eth0 -n port 67 and port 68
- dns and dhcp : tshark -i eth0 udp port 53 or \(port 67 and port 68\) # parentheses must be escaped from the shell
- mac address : tshark -i eth0 ether host 00:xx:xx:xx:xx:xx
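As an added example (not code from the original post), a small POSIX sh helper that composes the per-protocol capture filters above into a single quoted expression and hands it to tshark with -f/-w, so the parentheses never need shell escaping; the function names filter_for, capture_filter and capture are my own, and falling back to tcpdump when tshark is absent is an assumption.

```shell
#!/bin/sh
# Hypothetical helper (not from the original post): build one BPF capture
# filter from protocol names, then run tshark/tcpdump with -f/-w.
# Compound filters are parenthesised so they combine safely with "or".

filter_for() {
    case "$1" in
        radius) printf '%s' 'udp port 1812' ;;
        dns)    printf '%s' 'udp port 53' ;;
        dhcp)   printf '%s' '(port 67 and port 68)' ;;
        mac=*)  printf 'ether host %s' "${1#mac=}" ;;   # mac=00:21:5e:4d:cc:8c
        host=*) printf 'host %s' "${1#host=}" ;;        # host=192.168.133.110
        *)      echo "unknown filter name: $1" >&2; return 1 ;;
    esac
}

# capture_filter NAME... -> prints the combined filter,
# e.g. "udp port 53 or (port 67 and port 68)" for: capture_filter dns dhcp
capture_filter() {
    out=""
    for name in "$@"; do
        part=$(filter_for "$name") || return 1
        if [ -z "$out" ]; then out="$part"; else out="$out or $part"; fi
    done
    printf '%s\n' "$out"
}

# capture IFACE OUTFILE NAME... : one quoted -f argument carries the whole
# filter, so "(" and ")" are passed through untouched; -n disables name
# resolution so the capture does not trigger DNS lookups of its own.
capture() {
    iface=$1; outfile=$2; shift 2
    filter=$(capture_filter "$@") || return 1
    if command -v tshark >/dev/null 2>&1; then
        tshark -i "$iface" -n -f "$filter" -w "$outfile"
    else
        tcpdump -i "$iface" -n -w "$outfile" "$filter"
    fi
}
```

Usage: `capture eth0 dns-dhcp.pcap dns dhcp` reproduces the "dns and dhcp" line above without manual escaping.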