Packet sniffer: Difference between revisions
m (→software list) |
mNo edit summary |
||
| (5 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
== | |||
== Software list == | |||
[http://www.donationcoder.com/Software/Mouser/urlsnooper/ URL Snooper] v.2.30.01 | |||
* live sniffer: ok | |||
* save as file: n/a | |||
* time stamp: n/a | |||
* license: free for perosnal usage | |||
[http://www.wireshark.org/ Wireshark] 1.6.8 | |||
* live sniffer: ok | |||
* save as file: ok | |||
* time stamp: ok | |||
* license: GNU General Public License version 2<ref>[https://www.wireshark.org/faq.html#_how_much_does_wireshark_cost How much does Wireshark cost?]</ref> | |||
== Case: try to find mp4 file == | |||
keyword filter at URL Snooper v.2.30.01 | keyword filter at URL Snooper v.2.30.01 | ||
* full request URI: ex: {{kbd | key=<nowiki>http://www.example.com/folder/file.mp4</nowiki>}} ok | * full request URI: ex: {{kbd | key=<nowiki>http://www.example.com/folder/file.mp4</nowiki>}} ok | ||
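Review bot: the added URL Snooper license line reads "free for perosnal usage"; that should be "personal". The new Software list also records Wireshark as 1.6.8, while the test heading further down still says "Filter at Wireshark 1.6.5", so state which version the filter results were actually obtained with. The Wireshark license line has a <ref> source but the URL Snooper one has none; a link to its license terms would make the two entries consistent.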
| Line 7: | Line 21: | ||
Filter at Wireshark 1.6.5 | Filter at Wireshark 1.6.5 | ||
* full request URI: ex: {{kbd | key=ip.dst == 127.0.0.1 and http.request.uri matches "upload2/letsgo.mp4" }} (where the domain www.example.com was mapping to IP: 127.0.0.1) ok | * full request URI: ex: {{kbd | key=ip.dst == 127.0.0.1 and http.request.uri matches "upload2/letsgo.mp4" }} (where the domain www.example.com was mapping to IP: 127.0.0.1) ok | ||
* partial URI path: ex: {{kbd | key=http.request.uri matches "/folder/file.mp4"}}, {{kbd | key=http.request.uri matches "file.mp4"}}, {{kbd | key=http.request.uri matches "mp4"}} ok | * partial URI path: | ||
** ex: {{kbd | key=http.request.uri matches "/folder/file.mp4"}}, {{kbd | key=http.request.uri matches "file.mp4"}}, {{kbd | key=http.request.uri matches "mp4"}} ok | |||
** ex: {{kbd | key=tcp and ip.src== 127.0.0.1 }} | |||
* wildcat: ex: {{kbd | key=http.request.uri matches "*.mp4" }} not work {{exclaim}} | * wildcat: ex: {{kbd | key=http.request.uri matches "*.mp4" }} not work {{exclaim}} | ||
== Reference == | |||
<references /> | |||
* [http://wiki.wireshark.org/DisplayFilters DisplayFilters - The Wireshark Wiki] | |||
* [http://www.wireshark.org/docs/man-pages/wireshark-filter.html wireshark-filter - The Wireshark Network Analyzer 1.5.0] | |||
resources | |||
* [http://wiki. | * [http://en.wikipedia.org/wiki/Packet_analyzer Packet analyzer - Wikipedia, the free encyclopedia] | ||
* [http://www.softking.com.tw/soft/review.asp?fid1=6&fid2=21 網路監測的軟體目錄 - 軟體王] | |||
[[Category:Software]] | [[Category:Software]] | ||
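Review bot: the "wildcat" bullet is carried over unchanged and still records matches "*.mp4" as "not work" without saying why. The matches operator takes a regular expression, not a shell glob, so a leading * has nothing to repeat; suggest renaming the item "wildcard" and listing a working form next to it, such as http.request.uri matches "[.]mp4$" or http.request.uri contains ".mp4". The new sub-item tcp and ip.src== 127.0.0.1 has no ok / not-work result and does not filter on the URI at all, so it reads oddly under "partial URI path"; either move it to its own bullet or note what it was meant to show.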
Latest revision as of 16:20, 22 June 2020
Software list
URL Snooper v.2.30.01
- live sniffer: ok
- save as file: n/a
- time stamp: n/a
- license: free for personal usage
Wireshark 1.6.8
- live sniffer: ok
- save as file: ok
- time stamp: ok
- license: GNU General Public License version 2[1]
Case: try to find mp4 file
keyword filter at URL Snooper v.2.30.01
- full request URI: ex: http://www.example.com/folder/file.mp4 ok
- partial URI path: ex: /folder/file.mp4, file.mp4, mp4 ok
- wildcard: ex: *.mp4 does not work

Filter at Wireshark 1.6.5
- full request URI: ex: ip.dst == 127.0.0.1 and http.request.uri matches "upload2/letsgo.mp4" (where the domain www.example.com was mapped to IP: 127.0.0.1) ok
- partial URI path:
  - ex: http.request.uri matches "/folder/file.mp4", http.request.uri matches "file.mp4", http.request.uri matches "mp4" ok
  - ex: tcp and ip.src == 127.0.0.1
- wildcard: ex: http.request.uri matches "*.mp4" does not work
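
Why the "*.mp4" entry fails while "mp4" works, as an added example that is not part of the original wiki page: matches takes a regular expression, not a shell glob. Python's re module stands in for Wireshark's regex engine here (an assumption), and the helper names and sample URIs are constructed for illustration.

```python
import re

FIELD = "http.request.uri"  # display-filter field used on the page

# Constructed sample request URIs (not taken from a real capture).
SAMPLE_URIS = [
    "/folder/file.mp4",
    "/upload2/letsgo.mp4?start=10",
    "/folder/mp4player.html",
    "/folder/FILE.MP4",
    "/index.html",
]

def is_valid_regex(pattern):
    """True if the pattern compiles as a regular expression."""
    try:
        re.compile(pattern)
        return True
    except re.error:
        return False

def glob_to_regex(glob):
    """Translate a shell-style glob (*, ?) into a regex for `matches`.

    Literal punctuation goes into [...] classes rather than backslash
    escapes, so the result contains no backslashes when pasted into a
    double-quoted filter string. The tail tolerates a query string.
    """
    parts = []
    for ch in glob:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        elif ch.isalnum() or ch in "/_-":
            parts.append(ch)
        elif ch in "^]\\":
            raise ValueError("unsupported glob character: %r" % ch)
        else:
            parts.append("[" + ch + "]")
    return "".join(parts) + "([?].*)?$"

def select(pattern, uris=SAMPLE_URIS):
    """URIs the pattern would select: unanchored search, case-insensitive
    (assumed here to mirror how `matches` behaves)."""
    rx = re.compile(pattern, re.IGNORECASE)
    return [u for u in uris if rx.search(u)]

def as_filter(pattern):
    """Build the display-filter expression for a regex."""
    return '%s matches "%s"' % (FIELD, pattern)
```

The bare "mp4" pattern also selects /folder/mp4player.html, which is why the translated pattern pins the extension to the end of the path.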

Reference
resources