Tcpick rebuilds individual connection streams by assembling packets in order. It’s like a mini command-line version of Wireshark’s “Follow TCP Stream” function. Tcpick has options to output data in hex or plain text with binary stripped.
You can also use it to display individual packets as they are seen. In this mode you don't make use of the stream rebuilding features, but it is still handy for quickly displaying packets with the binary stripped out.
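To make the stream-rebuilding and binary-stripping ideas concrete, here is a small Python reassembler written for this post; it is an added example, not tcpick's own code. It takes TCP segments as (src, dst, seq, payload) tuples, one direction per (src, dst) pair, puts them back in sequence order, tolerates duplicates and out-of-order arrival, counts holes where a segment is missing, and then renders the result either as printable text with binary stripped or as a hex dump, roughly what tcpick's -y options give you. The addresses, the sample segments and the "first-seen byte wins on overlap" policy are constructed assumptions for the demo, not a statement of how tcpick itself resolves overlaps.

```python
"""Toy TCP stream reassembler, in the spirit of tcpick's "follow stream" output.

Added example for illustration; not part of tcpick. Segments are assumed to be
(src, dst, seq, payload) tuples where seq is the TCP sequence number of
payload[0]. Each (src, dst) pair is one direction of one connection.
"""
import string
from collections import defaultdict

# Bytes the "printable text" renderer keeps (assumption: ASCII printable plus
# \t \r \n; vertical tab and form feed are dropped as binary noise).
PRINTABLE = set(string.printable.encode("ascii")) - {0x0B, 0x0C}


def reassemble(segments):
    """Rebuild each direction's byte stream from possibly unordered segments.

    Returns {(src, dst): (stream_bytes, gap_count)}. A gap is a hole in the
    sequence space (a segment that was never seen); the bytes on either side
    are still concatenated so the text remains readable, which is why the gap
    count matters for interpreting the output. Duplicate or overlapping bytes
    resolve as first-seen-wins (assumption for this demo).
    """
    streams = defaultdict(dict)  # (src, dst) -> {sequence_number: byte}
    for src, dst, seq, payload in segments:
        direction = streams[(src, dst)]
        for i, b in enumerate(payload):
            direction.setdefault(seq + i, b)  # first-seen byte wins on overlap

    result = {}
    for key, bytemap in streams.items():
        out = bytearray()
        gaps = 0
        prev = None
        for seq in sorted(bytemap):
            if prev is not None and seq != prev + 1:
                gaps += 1  # sequence space jumped: a segment is missing here
            out.append(bytemap[seq])
            prev = seq
        result[key] = (bytes(out), gaps)
    return result


def render(data, mode="text"):
    """Render stream bytes: 'text' keeps only printable ASCII (binary stripped),
    'hex' dumps every byte as two hex digits separated by spaces."""
    if mode == "hex":
        return data.hex(" ")
    if mode == "text":
        return bytes(b for b in data if b in PRINTABLE).decode("ascii")
    raise ValueError(f"unknown mode: {mode}")


def grep_lines(text, needle):
    """The '| grep GET' step of the post, done in-process: lines containing needle."""
    return [line for line in text.splitlines() if needle in line]


# Constructed sample traffic: a request split over two segments that arrive
# out of order plus a retransmission, and a response with a missing segment
# and some binary in the body. Addresses are made up for the demo.
CLIENT = "192.168.1.2:40000"
SERVER = "10.0.0.5:80"

SAMPLE_SEGMENTS = [
    (CLIENT, SERVER, 1016, b"Host: example.test\r\n\r\n"),  # arrives first
    (CLIENT, SERVER, 1000, b"GET / HTTP/1.1\r\n"),          # 16 bytes, 1000..1015
    (CLIENT, SERVER, 1000, b"GET / HTTP/1.1\r\n"),          # retransmission
    (SERVER, CLIENT, 2000, b"HTTP/1.1 200 OK\r\n\r\n"),     # 19 bytes, 2000..2018
    (SERVER, CLIENT, 2050, b"\x89PNG\r\n\x1a\n<body>\x00\x01hello\xff"),  # hole before it
]


def follow_streams(segments=SAMPLE_SEGMENTS):
    """Convenience wrapper: reassembled streams rendered as stripped text."""
    return {
        key: (render(data), gaps)
        for key, (data, gaps) in reassemble(segments).items()
    }


if __name__ == "__main__":
    for (src, dst), (data, gaps) in reassemble(SAMPLE_SEGMENTS).items():
        print(f"--- {src} -> {dst}  ({gaps} gap(s) in sequence space)")
        print(render(data))
        print(render(data, "hex"))
```

The gap counter is the part worth keeping in mind when reading any "follow stream" output: a missing segment makes the two sides of the hole look contiguous, so a stripped-text view can silently join bytes that were never adjacent on the wire.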
For example, the following is a crude, but effective Yahoo Instant Messenger sniffer:
tcpick -i eth0 -yP "host 192.168.1.2" | grep YMSG
You could also do the same thing by looking only for Yahoo IM packets like this:
tcpick -i eth0 "port mmcc" -S -yP # port 5050
For AIM packets use this:
tcpick -i eth0 "port aol" -S -h -yP # port 5190
The -h option shows headers. You need that for AIM to figure out who sent which message. Yahoo puts this information in the message, so -h is not necessary with Yahoo.
Show HTTP GET requests on the entire network LAN:
tcpick -i eth0 -yP | grep GET
example:
root@utm-desktop:/home/rnd# tcpick -i eth0 "port mmcc" -S -yP # port 5050
Good Luck.....