I. Installation
# yum install -y wireshark
II. Usage examples
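1. Capture 500 packets and print the URLs that were visited
tshark -s 0 -i eth0 -n -f 'tcp dst port 80' -Y 'http.host and http.request.uri' -T fields -e http.host -e http.request.uri -l -c 500
The port number in the capture filter is garbled in the source; 80, the default HTTP port, is assumed here. Wireshark 1.10 and later use -Y for the single-pass display filter; releases before 1.10 use -R instead.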
2. Capture 500 packets and print the time, the visitor's IP, the request method, the requested address and the destination IP
tshark -s 0 -i eth0 -n -f 'tcp dst port 80' -Y 'http.host and http.request.uri' -T fields -e frame.time -e ip.src -e http.request.method -e http.host -e http.request.uri -e ip.dst -l -c 500
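The tab-separated output of use case 2 can be summarised per client with awk. The script below is an added example, not part of the original page; the function names and the sample records are constructed, and it assumes the first five columns are frame.time, ip.src, http.request.method, http.host and http.request.uri, as in the command above.

```bash
#!/bin/sh
# Added example: summarise "tshark -T fields" output from use case 2.
# Assumed column order (tab-separated):
#   1 frame.time  2 ip.src  3 http.request.method  4 http.host  5 http.request.uri
LC_ALL=C; export LC_ALL
TAB=$(printf '\t')

# Constructed sample records standing in for live tshark output.
sample_capture() {
  printf '%s\t%s\t%s\t%s\t%s\t%s\n' \
    'Jan  5, 2024 10:15:01.000000000 UTC' 192.0.2.10 GET  www.example.com /index.html  198.51.100.5 \
    'Jan  5, 2024 10:15:01.200000000 UTC' 192.0.2.10 GET  www.example.com /style.css   198.51.100.5 \
    'Jan  5, 2024 10:15:02.000000000 UTC' 192.0.2.11 POST www.example.com /login       198.51.100.5 \
    'Jan  5, 2024 10:15:02.500000000 UTC' 192.0.2.10 GET  www.example.com /favicon.ico 198.51.100.5 \
    'Jan  5, 2024 10:15:03.000000000 UTC' 192.0.2.11 POST www.example.com /login       198.51.100.5
}

# Count requests per (source IP, method, host), busiest client first.
# Lines with fewer than five fields or an empty method are skipped.
summarize_http() {
  awk -F'\t' 'NF >= 5 && $3 != "" { n[$2 "\t" $3 "\t" $4]++ }
              END { for (k in n) printf "%d\t%s\n", n[k], k }' |
    sort -t "$TAB" -k1,1nr -k2
}

# List POST requests as "source IP <tab> host+uri", e.g. to review
# which clients submit forms and how often.
post_requests() {
  awk -F'\t' '$3 == "POST" { print $2 "\t" $4 $5 }'
}

# Offline run on the sample; for live traffic, pipe the use case 2
# command into summarize_http instead of sample_capture.
sample_capture | summarize_http
sample_capture | post_requests
```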
3. Capture MySQL queries
tshark -i eth1 -d tcp.port==3306,mysql -T fields -e mysql.query 'port 3306'
tshark -i lo -d tcp.port==3306,mysql -T fields -e mysql.query 'port 3306'
Restrict the output to specific statement types:
tshark -i lo -d tcp.port==3306,mysql -Y 'mysql matches "SELECT|INSERT|DELETE|UPDATE"' -T fields -e mysql.query 'port 3306'
4. HTTP status statistics
tshark -n -q -z http,stat, -z http,tree
tshark packet capture analysis