
The key point here is that this is NOT DNS traffic! It's probably "HTTP-over-SSL", or "https", traffic. See the tcpdump man page, and a description of TCP, for details on the rest of the line.

"10.0.2 > ": the packet is from IP address 10.0.0.2, port 57512, to the IP address for which the host name is "", and the port for "https", which is port 443.

The interpretation of the data in your example is being done by tcpdump, not Wireshark. If you "used wireshark to collect data from some sites, and then used tcpdump to get it as a text file", the output from Wireshark is either a pcap file or a pcap-ng file, which is a binary file, and is completely uninterpreted raw data. The output you're showing is text output, so, if you "used tcpdump to get it as a text file", it's output from tcpdump, not from Wireshark; text output from Wireshark would look different.

If you're only using Wireshark to capture traffic, that's probably overkill - you can do the same thing with dumpcap or possibly even tcpdump. :-) Most people who use both tools use them for the opposite purposes. I.e., they use tcpdump to capture traffic into a file and then read the file with Wireshark.
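As an added example (not part of the original answer), this Python sketch separates the two things the answer distinguishes: a binary pcap/pcap-ng capture file versus tcpdump's printed text, and a line to port 443 versus DNS on port 53. The sample lines, the host name `example.net` and the function names are constructed for illustration; the port-based label is only a guess at the protocol, as in the answer.

```python
import re
import struct

# File magic numbers from the pcap and pcapng format specifications.
PCAP_MAGICS = {0xA1B2C3D4: "pcap (microsecond timestamps)",
               0xA1B23C4D: "pcap (nanosecond timestamps)"}
PCAPNG_SHB = 0x0A0D0D0A  # Section Header Block type; reads the same in both byte orders

def classify_capture(data: bytes) -> str:
    """Tell a binary capture file from tcpdump's printed text by its first 4 bytes."""
    if len(data) >= 4:
        for fmt in ("<I", ">I"):  # pcap magic is written in the capturing host's byte order
            (magic,) = struct.unpack(fmt, data[:4])
            if magic in PCAP_MAGICS:
                return PCAP_MAGICS[magic]
            if magic == PCAPNG_SHB:  # checked before the ASCII test: these bytes are \n\r\r\n
                return "pcapng"
    try:
        data.decode("ascii")
        return "text"
    except UnicodeDecodeError:
        return "unknown binary"

# Default tcpdump IPv4 line: "<time> IP <src>.<port> > <dst>.<port>: <detail>"
LINE_RE = re.compile(r"^(?P<ts>\S+) IP (?P<src>\S+)\.(?P<sport>[\w-]+) > "
                     r"(?P<dst>\S+)\.(?P<dport>[\w-]+): (?P<rest>.*)$")
# Without -n, tcpdump prints service names instead of port numbers.
SERVICES = {"domain": 53, "53": 53, "https": 443, "443": 443}

def describe(line: str):
    """Split a tcpdump text line into endpoints and label it by well-known port."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ports = {SERVICES.get(m["sport"]), SERVICES.get(m["dport"])}
    kind = "DNS" if 53 in ports else "probably HTTPS" if 443 in ports else "other"
    return {"src": m["src"], "sport": m["sport"],
            "dst": m["dst"], "dport": m["dport"], "kind": kind}

# Constructed sample input (not taken from the question).
SAMPLE_HTTPS = ("12:00:01.000001 IP 10.0.0.2.57512 > example.net.https: "
                "Flags [P.], seq 1:518, ack 1, win 229, length 517")
SAMPLE_DNS = "12:00:00.500000 IP 10.0.0.2.41000 > 10.0.0.1.domain: 4660+ A? example.net. (29)"
SAMPLE_PCAP_HEADER = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)

if __name__ == "__main__":
    print(classify_capture(SAMPLE_PCAP_HEADER))
    print(classify_capture(SAMPLE_HTTPS.encode()))
    print(describe(SAMPLE_HTTPS))
    print(describe(SAMPLE_DNS))
```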

I used wireshark to collect data from some sites, and then used tcpdump to get it as a text file.
