Common tshark commands

## Capture HTTP traffic (show host and User-Agent)

sudo tshark -i en0 -Y http.request -T fields -e http.host -e http.user_agent

Partial output (the entries on port 1900 are SSDP discovery requests, which tshark also dissects as HTTP):

[~]$ sudo tshark -i en0 -Y http.request -T fields -e http.host -e http.user_agent                                                                                                                                [18:21:10]
Capturing on 'Wi-Fi'
[FF05::C]:1900
[FF05::C]:1900
[FF02::C]:1900
[FF02::C]:1900
239.255.255.250:1900
239.255.255.250:1900
[FF05::C]:1900
[FF05::C]:1900
[FF02::C]:1900
[FF02::C]:1900
239.255.255.250:1900
239.255.255.250:1900
baidu.com	curl/7.54.0

## Capture DNS traffic

sudo tshark -i en0 -f "src port 53" -n -T fields -e dns.qry.name 

The output looks like this:

[~]$ sudo tshark -i en0 -f "src port 53" -n -T fields -e dns.qry.name                                                       [18:27:26]
Capturing on 'Wi-Fi'
qq.com
42.courier-push-apple.com.akadns.net
gs.cqupt.edu.cn
gs.cqupt.edu.cn
rm.api.weibo.com
apis.google.com
adservice.google.com
clients5.google.com
ogs.google.com
bilibili.com
csdnimg.cn
img-ads.csdn.net
gorgon.youdao.com
img-bss.csdn.net
cpro.baidustatic.com
beacon.tingyun.com
s3m.mediav.com
re.csdn.net
blog.csdn.net
pos.baidu.com
zhannei-dm.csdn.net
pv.csdn.net
hm.baidu.com
svc-notify.csdn.net
f10.baidu.com
s.cpro.baidu.com
f11.baidu.com
f12.baidu.com
t11.baidu.com
t12.baidu.com
wn.pos.baidu.com
my.csdn.net
t10.baidu.com
goutong.baidu.com
dup.baidustatic.com
eclick.baidu.com
mp.csdn.net
static-blog.csdn.net
img-blog.csdn.net
olimenew.n.shifen.com
rm.api.weibo.com
googleads.g.doubleclick.net

Flush the DNS cache (macOS), so that cached names are looked up again and appear in the capture:

sudo killall -HUP mDNSResponder && sudo killall mDNSResponderHelper && sudo dscacheutil -flushcache

Monitor on a Mac for DNS traffic containing the string pastebin:

sudo /Applications/Wireshark.app/Contents/MacOS/tshark  -i en0 -f "src port 53" -n -T fields -e dns.qry.name -Y 'udp contains pastebin'
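The `udp contains pastebin` filter above is a case-sensitive byte search over the raw UDP data, not a match on the decoded name. The following added example (not from the original post) builds a constructed DNS query and shows which watch strings such a byte search hits or misses, compared with matching on the decoded name; the function names and the sample transaction ID are assumptions made for illustration.

```python
import struct

def encode_qname(name: str) -> bytes:
    """DNS wire format: each label is a length byte plus its bytes; 0 ends the name."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label length in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Constructed sample: UDP payload of a standard A/IN query for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", 1, 1)

def decode_qname(payload: bytes, offset: int = 12) -> str:
    """Decode the first question name, following compression pointers (bounded)."""
    labels, hops = [], 0
    while True:
        length = payload[offset]
        if length == 0:
            return ".".join(labels)
        if length & 0xC0 == 0xC0:  # two high bits set: pointer to an earlier offset
            hops += 1
            if hops > 10:
                raise ValueError("compression pointer loop")
            offset = ((length & 0x3F) << 8) | payload[offset + 1]
            continue
        labels.append(payload[offset + 1:offset + 1 + length].decode("ascii", "replace"))
        offset += 1 + length

def raw_match(payload: bytes, needle: str) -> bool:
    """Byte search over the payload, the way `udp contains <needle>` matches."""
    return needle.encode("ascii") in payload

def name_match(payload: bytes, needle: str) -> bool:
    """Case-insensitive match on the decoded query name (this example's choice)."""
    return needle.lower() in decode_qname(payload).lower()

if __name__ == "__main__":
    for qname in ("pastebin.com", "PasteBin.com"):
        pkt = build_query(qname)
        for needle in ("pastebin", "pastebin.com"):
            print(qname, needle, "raw:", raw_match(pkt, needle),
                  "name:", name_match(pkt, needle))
```

On the wire the dot in `pastebin.com` is a length byte (`\x03`), so a byte search for the full name misses, and a mixed-case query evades a lowercase byte search; matching on the decoded name avoids both gaps.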
