TSHARK

root@dco:~$ BROWSER > https://www.wireshark.org/docs/dfref > CTRL+F
 search: http
  https://www.wireshark.org/docs/dfref/h/http.html
root@dco:~$ BROWSER > https://www.wireshark.org/docs/dfref/h/http.html > CTRL+F
 search: agent
  http.user_agent	User-Agent	Character string	1.0.0 to 4.4.5

root@dco:~$ tshark -r user-agents.pcap -T fields -e http.user_agent | awk NF | sort -r | uniq -c | sort -r
 6 Mozilla/5.0 (Windows; U; Windows NT 6.4; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
 5 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:100.0) Gecko/20100101 Firefox/100.0
 5 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36
 4 sqlmap/1.4#stable (http://sqlmap.org)
 3 Wfuzz/2.7
 3 Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
  
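 * the "awk NF" in the pipeline removes empty lines (tshark prints a blank line for every packet that has no User-Agent header).
 * "sort -r" after "uniq -c" compares the counts as text, and the result can depend on the locale; "sort -rn" ranks them numerically.
 * the User-Agent is set by the client and is easy to change, so the tool names above (sqlmap, Wfuzz, Nmap Scripting Engine) only show tools that kept their default header; confirm with source IPs and request patterns.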
