Wireshark cli
6/19/2023

Write-Output $Packet | Select Protocol, SrcIP, SrcPort, DstIP, DstPort
PS C:\>

I won't break down the function too much as it's mostly self-explanatory, but there are a few things worth noting.

We first convert the layers property to a PowerShell object. We can see from the tshark JSON output that this is where all relevant data is.

If this object is empty, we know we're not processing packet data and the function essentially ends there, as the if statement that contains the rest of our logic evaluates its condition to false.

Tshark puts TCP and UDP port numbers in different fields prefixed by the protocol (tcp_ and udp_). I wanted to combine these 4 properties into 2 protocol-independent source and destination port properties. This is accomplished by the two long if/elseif/else lines. Some traffic such as ICMP won't have port numbers, so we set those ports to $null.
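The layers check and the port-merging logic described above, as an added example that is not the post's own function. The JSON records are constructed, and the field names (ip_src, tcp_srcport, udp_dstport and so on) are assumptions modelled on the tcp_/udp_ prefixes the post describes, not verified tshark output.

```powershell
# Constructed records in the shape the post describes: packet records carry a
# "layers" object, the last record does not (so it is skipped as non-packet data).
$Samples = @'
[
 {"layers":{"ip":{"ip_src":"10.0.0.5","ip_dst":"93.184.216.34"},"tcp":{"tcp_srcport":"51234","tcp_dstport":"443"}}},
 {"layers":{"ip":{"ip_src":"10.0.0.5","ip_dst":"10.0.0.1"},"udp":{"udp_srcport":"60231","udp_dstport":"53"}}},
 {"layers":{"ip":{"ip_src":"10.0.0.5","ip_dst":"10.0.0.1"},"icmp":{"icmp_type":"8"}}},
 {"index":{"_index":"packets-2023-06-19"}}
]
'@

function ConvertFrom-TsharkPacket {
    [CmdletBinding()]
    param([Parameter(ValueFromPipeline)] $Record)
    process {
        $Layers = $Record.layers          # empty for index/metadata records
        if ($Layers) {
            # Fold the protocol-specific tcp_/udp_ port fields into one SrcPort/DstPort pair;
            # port-less traffic such as ICMP gets $null so the columns stay consistent.
            if ($Layers.tcp) {
                $Protocol = 'TCP'; $SrcPort = [int]$Layers.tcp.tcp_srcport; $DstPort = [int]$Layers.tcp.tcp_dstport
            }
            elseif ($Layers.udp) {
                $Protocol = 'UDP'; $SrcPort = [int]$Layers.udp.udp_srcport; $DstPort = [int]$Layers.udp.udp_dstport
            }
            else {
                $Protocol = if ($Layers.icmp) { 'ICMP' } else { 'Other' }; $SrcPort = $null; $DstPort = $null
            }
            [pscustomobject]@{
                Protocol = $Protocol
                SrcIP    = $Layers.ip.ip_src
                SrcPort  = $SrcPort
                DstIP    = $Layers.ip.ip_dst
                DstPort  = $DstPort
            }
        }
    }
}

# Parentheses force the array to unroll one record at a time (Windows PowerShell 5.1 quirk).
($Samples | ConvertFrom-Json) | ConvertFrom-TsharkPacket | Format-Table -AutoSize
```

Three rows come out (TCP, UDP, ICMP with empty ports); the index record produces nothing because its missing layers object fails the if check.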