Tshark domains
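# Restart the background capture that logs one line per TLS ClientHello (SNI)
# or HTTP Host header seen on traffic to destination port 443.
# Output columns (tab-separated): ip.src, ip.dst, tcp.dstport, SNI, http.host.
#
# The commands must be on separate lines: collapsed onto one line, everything
# after the '#' becomes a comment and the capture is never started.
#
# Operational notes:
#   - pkill matches every process named "tshark" on the host, not only the
#     capture started from this page.
#   - tshark runs through sudo, so its dissectors parse untrusted network
#     traffic as root (tshark prints a "Running as user ..." warning about
#     this). For long-running use, prefer a capture setup that does not need
#     root for dissection.
#   - nohup.out is appended to without bound and records which client address
#     contacted which hostname; keep it where other users cannot read it and
#     rotate it.
sudo pkill tshark
# rm nohup.out
sleep 5   # give the previous capture time to exit before starting a new one
# -Q: only true errors on stderr; -l: flush after each packet so the log can
# be read while the capture is running.
nohup sudo tshark -Q -l -i any \
  -f 'dst port ( 443 ) ' \
  -Y 'tls.handshake.extension.type == "server_name" || http.host' \
  -T fields \
  -e ip.src -e ip.dst -e tcp.dstport \
  -e tls.handshake.extensions_server_name -e http.host \
  >> nohup.out 2>&1 &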
Count
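# Count how often each hostname appears in the capture log (nohup.out).
#
# - The log is split on tabs, the separator tshark uses for -T fields output.
#   Whitespace splitting shifts the columns whenever ip.src/ip.dst are empty
#   (for example IPv6 packets captured on "-i any"), which silently hides
#   those hostnames from the count.
# - The hostname is the SNI column (4) or, when that is empty, the HTTP Host
#   column (5).
# - tshark's own stderr lines share the log because the capture redirects
#   2>&1; they are skipped explicitly.
# - Entries starting with a digit are dropped before counting. Filtering after
#   "uniq -c" never matches, because uniq pads the count with leading spaces.
#   NOTE(review): this also drops real hostnames that begin with a digit;
#   narrow the test to an IP-literal pattern if those need to be counted.
awk -F '\t' '
  /Running as/ || / \(tshar/ { next }
  {
    host = ($4 != "") ? $4 : $5
    if (host != "" && host !~ /^[0-9]/) print host
  }
' nohup.out | sort | uniq -c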
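# Resolve every distinct hostname seen in the capture log and print
#   <hostname>||<record>|<record>|...
#
# SNI and Host values come straight off the wire and are chosen by whoever
# sent the traffic, so they are treated as untrusted input here:
#   - each value is read as one line and always quoted, so it is never
#     word-split or glob-expanded by the shell;
#   - only values that look like a hostname are passed on; anything starting
#     with '-', '+' or '@' would otherwise be read by dig as an option or a
#     server selector rather than a name;
#   - the name is handed to dig with -q so it cannot be taken for another
#     argument.
# As before, values starting with a digit (IP literals, but also hostnames
# that begin with a digit) are skipped.
#
# dig sends a live DNS query for every name, so the configured resolver sees
# these lookups; run this from a host where that is acceptable.

# Return 0 when $1 starts with a letter and contains only hostname characters.
is_hostname() {
  [[ $1 =~ ^[A-Za-z][A-Za-z0-9._-]*$ ]]
}

# Split on tabs (tshark's -T fields separator) so empty ip.src/ip.dst columns
# do not shift the hostname; use the SNI column (4), else the Host column (5).
domains=$(awk -F '\t' '{ host = ($4 != "") ? $4 : $5; if (host != "") print host }' nohup.out | sort -u)

while IFS= read -r i; do
  is_hostname "$i" || continue
  recs=$(dig +short -q "$i" | tr '\n' '|')
  printf '%s||%s\n' "$i" "$recs"
done <<< "$domains"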
Old tshark
# Capture variant for older tshark builds whose TLS dissector still uses the
# ssl.* field names. Same columns as the current command: ip.src, ip.dst,
# tcp.dstport, SNI, http.host, appended to nohup.out.
# There is no -Q here, so tshark's status lines land in the log as well.
# As with the current command, tshark runs through sudo and therefore parses
# untrusted traffic as root, and nohup.out grows without bound.
nohup sudo tshark -l -i any \
  -f 'dst port ( 443 ) ' \
  -Y 'ssl.handshake.extension.type == "server_name" || http.host' \
  -T fields \
  -e ip.src \
  -e ip.dst \
  -e tcp.dstport \
  -e ssl.handshake.extensions_server_name \
  -e http.host \
  >> nohup.out 2>&1 &