I am looking for a good documentation on rawshark with good examples(other than the man page). I tried using the rawshark man page but I can not find any practical examples embedded in the man page. asked 27 Dec '10, 08:25  averageguy |
One Answer:
OK, I've been circling around this rawshark for a day now, and here's my two cents : sudo dumpcap -w- -i eth2 -f "tcp port 80" | rawshark -d encap:EN10MB -l -r- -s -F ip.dst -F http.host explanation : dumpcap provides the input (tcp port 80 from eth2). -w- means writing to stdout, rawshark : -d encap:EN10MB means we read ethernet packets (most likely you too. you can find out by readin dumpcap messages) -l means to flush the output -r- means read from stdin -s means skip the pcap headers (this is what took me most time to figure ) -F ... lists the fields we want to parse hope someone finds this useful answered 04 Jan '11, 01:50  yoav |
