« Commandes BASH » : différence entre les versions
| Ligne 656 : | Ligne 656 : | ||
<syntaxhighlight lang="bash" line copy> | <syntaxhighlight lang="bash" line copy> | ||
sudo tshark -i eth0 -f "port 53" -Y "dns" -T fields \ | sudo tshark -i eth0 -f "port 53" -Y "dns" -T fields \ | ||
-e frame.time -e ip.src -e ip.dst -e dns.qry.name -e dns.qry.type -e dns.flags.response \ | |||
-E separator=, -E quote=d | |||
</syntaxhighlight> | |||
Analyse DNS ciblée (montre seulement le trafic qui vient OU va vers 192.169.1.100) <br /> | |||
ex : 192.169.1.100 = pihole | |||
<syntaxhighlight lang="bash" line copy> | |||
sudo tshark -i eth0 -f "port 53" -Y "ip.src == 192.168.1.100 || ip.dst == 192.168.1.100" -T fields \ | |||
-e frame.time -e ip.src -e ip.dst -e dns.qry.name -e dns.qry.type -e dns.flags.response \ | -e frame.time -e ip.src -e ip.dst -e dns.qry.name -e dns.qry.type -e dns.flags.response \ | ||
-E separator=, -E quote=d | -E separator=, -E quote=d | ||
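Review bot: The targeted example's display filter `ip.src == 192.168.1.100 || ip.dst == 192.168.1.100` drops the `dns` term that the first command uses, so non-DNS packets on port 53 (for example TCP handshake segments) would be printed as rows with empty `dns.*` fields. `-Y "dns && ip.addr == 192.168.1.100"` keeps the output DNS-only and still matches either direction. The caption and its "ex :" line say 192.169.1.100 while the command filters on 192.168.1.100, so one of the two is a typo and should be aligned. Both forms are IPv4-only, so queries that reach the resolver over IPv6 will not appear in this view, which is worth saying in the caption. The rendering does not mark which side the one-column lines belong to; this note assumes they are the added ones.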