tshark -o "ssl.keylog_file: dump_170324_2133_g0n_SSLKEYLOGFILE.txt" -r dump_170324_2133_g0n.pcap -qz conv,ip > dump_170324_2133_g0n.conv-ip tshark -o "ssl.keylog_file: dump_170324_2133_g0n_SSLKEYLOGFILE.txt" -r dump_170324_2133_g0n.pcap -qz hosts > dump_170324_2133_g0n.hosts -rw-r--r-- 1 miro miro 2693 2017-03-24 23:04 dump_170324_2133_g0n.conv-ip -rw-r--r-- 1 miro miro 535 2017-03-24 23:04 dump_170324_2133_g0n.hosts tshark -o "ssl.keylog_file: dump_170324_2133_g0n_SSLKEYLOGFILE.txt" -r dump_170324_2133_g0n.pcap -V -Y 'http.request.method==POST' > dump_170324_2133_g0n.POST | sed 's/\t//g' | sed 's/ / /g' | sed 's/ / /g' | sed 's/ / /g' -rw-r--r-- 1 miro miro 9947 2017-03-24 23:04 dump_170324_2133_g0n.POST tshark-http-uri.sh -k dump_170324_2133_g0n_SSLKEYLOGFILE.txt -r dump_170324_2133_g0n.pcap tshark -o "ssl.keylog_file: dump_170324_2133_g0n_SSLKEYLOGFILE.txt" -q -r dump_170324_2133_g0n.pcap -T fields -e 'frame.number' -e 'http.request.full_uri' | grep -E '^[0-9]{1,9}[[:space:]][[:alpha:]]' > dump_170324_2133_g0n-frame-http-request-full_uri.txt -rw-r--r-- 1 miro miro 149 2017-03-24 23:04 dump_170324_2133_g0n-frame-http-request-full_uri.txt -rw-r--r-- 1 miro miro 248 2017-03-24 23:05 dump_170324_2133_g0n.non-local-hosts-ls-1 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= | <- | | -> | | Total | Relative | Duration | | Frames Bytes | | Frames Bytes | | Frames Bytes | Start | | 192.168.1.1 <-> 224.1.1.77 0 0 222 11762 222 11762 7.097382018 479.1741 --- | <- | | -> | | Total | Relative | Duration | | Frames Bytes | | Frames Bytes | | Frames Bytes | Start | | 192.168.1.5 <-> 212.47.244.38 1209 2189430 663 110754 1872 2300184 60.513438711 305.4213 --- | <- | | -> | | Total | Relative | Duration | | Frames Bytes | | Frames Bytes | | Frames Bytes | Start | | 163.172.149.122 <-> 192.168.1.5 846 446304 1326 1925103 2172 2371407 61.772267299 288.1715 --- | <- | | -> | | Total | Relative | Duration | | Frames Bytes | | Frames Bytes | | Frames Bytes | Start | | 158.69.92.127 <-> 192.168.1.5 621 379335 1209 1788183 1830 2167518 61.772394851 317.6996 --- | <- | | -> | | Total | Relative | Duration | | Frames Bytes | | Frames Bytes | | Frames Bytes | Start | | 89.163.224.25 <-> 192.168.1.5 5706 3027978 8283 12691083 13989 15719061 61.772450171 333.9453 --- | <- | | -> | | Total | Relative | Duration | | Frames Bytes | | Frames Bytes | | Frames Bytes | Start | | 192.168.1.1 <-> 224.1.3.214 0 0 30 1580 30 1580 151.402778588 5.0990 --- | <- | | -> | | Total | Relative | Duration | | Frames Bytes | | Frames Bytes | | Frames Bytes | Start | | 192.168.1.1 <-> 224.1.3.217 0 0 16 880 16 880 410.008850833 6.2013 --- | <- | | -> | | Total | Relative | Duration | | Frames Bytes | | Frames Bytes | | Frames Bytes | Start | | 81.2.237.32 <-> 192.168.1.2 16 1320 16 2416 32 3736 480.236451263 0.4748 --- 69.195.158.198 secure.informaction.com | <- | | -> | | Total | Relative | Duration | | Frames Bytes | | Frames Bytes | | Frames Bytes | Start | | 69.195.158.198 <-> 192.168.1.2 18 2202 16 8074 34 10276 480.351216504 0.7056 --- 178.21.114.142 assata.dyne.org | <- | | -> | | Total | Relative | Duration | | Frames Bytes | | Frames Bytes | | Frames Bytes | Start | | 178.21.114.142 <-> 192.168.1.2 30 3476 24 20740 54 24216 480.481691681 5.1146 --- 178.255.83.1 ocsp.usertrust.com | <- | | -> | | Total | Relative | Duration | | Frames Bytes | | Frames Bytes | | Frames Bytes | Start | | 178.255.83.1 <-> 192.168.1.2 10 1634 10 2414 20 4048 480.597838473 0.1235 --- 23.64.15.88 a771.dscq.akamai.net | <- | | -> | | Total | Relative | Duration | | Frames Bytes | | Frames Bytes | | Frames Bytes | Start | | 23.64.15.88 <-> 192.168.1.2 12 1792 8 2386 20 4178 480.721211352 4.8787 --- | <- | | -> | | Total | Relative | Duration | | Frames Bytes | | Frames Bytes | | Frames Bytes | Start | | 93.138.21.243 <-> 192.168.1.2 16 1438 16 11112 32 12550 480.931342582 0.0316 --- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= tshark -o "ssl.keylog_file: dump_170324_2133_g0n_SSLKEYLOGFILE.txt" -r dump_170324_2133_g0n.pcap -Y "(ip.addr==224.1.1.77)" -w dump_170324_2133_g0n_224.1.1.77.pcap -rw-r--r-- 1 miro miro 19216 2017-03-24 23:17 dump_170324_2133_g0n_224.1.1.77.pcap tshark-http-uri.sh -k dump_170324_2133_g0n_SSLKEYLOGFILE.txt -r dump_170324_2133_g0n_224.1.1.77.pcap -rw-r--r-- 1 miro miro 0 2017-03-24 23:17 dump_170324_2133_g0n_224.1.1.77-frame-http-request-full_uri.txt tshark -o "ssl.keylog_file: dump_170324_2133_g0n_SSLKEYLOGFILE.txt" -r dump_170324_2133_g0n.pcap -Y "(ip.addr==212.47.244.38)" -w dump_170324_2133_g0n_212.47.244.38.pcap -rw-r--r-- 1 miro miro 2360484 2017-03-24 23:18 dump_170324_2133_g0n_212.47.244.38.pcap tshark -o "ssl.keylog_file: dump_170324_2133_g0n_SSLKEYLOGFILE.txt" -r dump_170324_2133_g0n.pcap -Y "(ip.addr==163.172.149.122)" -w dump_170324_2133_g0n_163.172.149.122.pcap -rw-r--r-- 1 miro miro 2441380 2017-03-24 23:18 dump_170324_2133_g0n_163.172.149.122.pcap tshark -o "ssl.keylog_file: dump_170324_2133_g0n_SSLKEYLOGFILE.txt" -r dump_170324_2133_g0n.pcap -Y "(ip.addr==158.69.92.127)" -w dump_170324_2133_g0n_158.69.92.127.pcap -rw-r--r-- 1 miro miro 2226448 2017-03-24 23:18 dump_170324_2133_g0n_158.69.92.127.pcap tshark-http-uri.sh -k dump_170324_2133_g0n_SSLKEYLOGFILE.txt -r dump_170324_2133_g0n_158.69.92.127.pcap -rw-r--r-- 1 miro miro 0 2017-03-24 23:18 dump_170324_2133_g0n_158.69.92.127-frame-http-request-full_uri.txt tshark -o "ssl.keylog_file: dump_170324_2133_g0n_SSLKEYLOGFILE.txt" -r dump_170324_2133_g0n.pcap -Y "(ip.addr==89.163.224.25)" -w dump_170324_2133_g0n_89.163.224.25.pcap -rw-r--r-- 1 miro miro 16169824 2017-03-24 23:19 dump_170324_2133_g0n_89.163.224.25.pcap tshark -o "ssl.keylog_file: dump_170324_2133_g0n_SSLKEYLOGFILE.txt" -r dump_170324_2133_g0n.pcap -Y "(ip.addr==224.1.3.214)" -w dump_170324_2133_g0n_224.1.3.214.pcap -rw-r--r-- 1 miro miro 2752 2017-03-24 23:19 dump_170324_2133_g0n_224.1.3.214.pcap tshark -o "ssl.keylog_file: dump_170324_2133_g0n_SSLKEYLOGFILE.txt" -r dump_170324_2133_g0n.pcap -Y "(ip.addr==224.1.3.217)" -w dump_170324_2133_g0n_224.1.3.217.pcap -rw-r--r-- 1 miro miro 1600 2017-03-24 23:19 dump_170324_2133_g0n_224.1.3.217.pcap tshark -o "ssl.keylog_file: dump_170324_2133_g0n_SSLKEYLOGFILE.txt" -r dump_170324_2133_g0n_158.69.92.127.pcap -V -Y "" > dump_170324_2133_g0n_158.69.92.127_.txt -rw-r--r-- 1 miro miro 6104038 2017-03-24 23:20 dump_170324_2133_g0n_158.69.92.127_.txt tshark -o "ssl.keylog_file: dump_170324_2133_g0n_SSLKEYLOGFILE.txt" -r dump_170324_2133_g0n.pcap -Y "(ip.addr==81.2.237.32)" -w dump_170324_2133_g0n_81.2.237.32.pcap -rw-r--r-- 1 miro miro 5000 2017-03-24 23:20 dump_170324_2133_g0n_81.2.237.32.pcap tshark -o "ssl.keylog_file: dump_170324_2133_g0n_SSLKEYLOGFILE.txt" -r dump_170324_2133_g0n.pcap -Y "(ip.addr==69.195.158.198)" -w dump_170324_2133_g0n_69.195.158.198.pcap -rw-r--r-- 1 miro miro 11576 2017-03-24 23:21 dump_170324_2133_g0n_69.195.158.198.pcap tshark-http-uri.sh -k dump_170324_2133_g0n_SSLKEYLOGFILE.txt -r dump_170324_2133_g0n_69.195.158.198.pcap -rw-r--r-- 1 miro miro 43 2017-03-24 23:21 dump_170324_2133_g0n_69.195.158.198-frame-http-request-full_uri.txt tshark -o "ssl.keylog_file: dump_170324_2133_g0n_SSLKEYLOGFILE.txt" -r dump_170324_2133_g0n_69.195.158.198.pcap -V -Y "frame.number==23" > dump_170324_2133_g0n_69.195.158.198_frame.number==23.txt -rw-r--r-- 1 miro miro 4589 2017-03-24 23:22 dump_170324_2133_g0n_69.195.158.198_frame.number==23.txt tshark -o "ssl.keylog_file: dump_170324_2133_g0n_SSLKEYLOGFILE.txt" -r dump_170324_2133_g0n.pcap -Y "(ip.addr==178.21.114.142)" -w dump_170324_2133_g0n_178.21.114.142.pcap -rw-r--r-- 1 miro miro 26160 2017-03-24 23:23 dump_170324_2133_g0n_178.21.114.142.pcap tshark-http-uri.sh -k dump_170324_2133_g0n_SSLKEYLOGFILE.txt -r dump_170324_2133_g0n_178.21.114.142.pcap -rw-r--r-- 1 miro miro 0 2017-03-24 23:23 dump_170324_2133_g0n_178.21.114.142-frame-http-request-full_uri.txt tshark -o "ssl.keylog_file: dump_170324_2133_g0n_SSLKEYLOGFILE.txt" -r dump_170324_2133_g0n.pcap -Y "(ip.addr==178.255.83.1)" -w dump_170324_2133_g0n_178.255.83.1.pcap -rw-r--r-- 1 miro miro 4888 2017-03-24 23:23 dump_170324_2133_g0n_178.255.83.1.pcap tshark -o "ssl.keylog_file: dump_170324_2133_g0n_SSLKEYLOGFILE.txt" -r dump_170324_2133_g0n.pcap -Y "(ip.addr==23.64.15.88)" -w dump_170324_2133_g0n_23.64.15.88.pcap -rw-r--r-- 1 miro miro 5016 2017-03-24 23:24 dump_170324_2133_g0n_23.64.15.88.pcap tshark -o "ssl.keylog_file: dump_170324_2133_g0n_SSLKEYLOGFILE.txt" -r dump_170324_2133_g0n.pcap -Y "(ip.addr==93.138.21.243)" -w dump_170324_2133_g0n_93.138.21.243.pcap -rw-r--r-- 1 miro miro 13776 2017-03-24 23:24 dump_170324_2133_g0n_93.138.21.243.pcap tshark-http-uri.sh -k dump_170324_2133_g0n_SSLKEYLOGFILE.txt -r dump_170324_2133_g0n_93.138.21.243.pcap -rw-r--r-- 1 miro miro 24 2017-03-24 23:24 dump_170324_2133_g0n_93.138.21.243-frame-http-request-full_uri.txt tshark -o "ssl.keylog_file: dump_170324_2133_g0n_SSLKEYLOGFILE.txt" -r dump_170324_2133_g0n_93.138.21.243.pcap -V -Y "frame.number==7" > dump_170324_2133_g0n_93.138.21.243_frame.number==7.txt -rw-r--r-- 1 miro miro 4190 2017-03-24 23:25 dump_170324_2133_g0n_93.138.21.243_frame.number==7.txt