terminal - Formatting tshark output

Reposted. Author: 行者123 Updated: 2023-12-02 22:08:08

Right now I am using

tshark -i wlan0 -c 10 -T fields -e ip.src -e ip.dst -e ip.proto -e tcp.srcport -e tcp.dstport -e udp.srcport -e udp.dstport > test.txt

It works fine and gives me output like this:

192.168.1.240   198.38.110.157  6       50735   80
198.38.110.157  192.168.1.240   6       80      50735
192.168.1.240   198.38.110.157  6       50735   80
198.38.110.157  192.168.1.240   6       80      50735
192.168.1.240   198.38.110.157  6       50735   80
198.38.110.157  192.168.1.240   6       80      50735
192.168.1.240   198.38.110.157  6       50735   80
198.38.110.157  192.168.1.240   6       80      50735
192.168.1.240   198.38.110.157  6       50735   80
198.38.110.157  192.168.1.240   6       80      50735

Very cool, but is anyone able to provide a simple stack like this for each protocol? Just simple tab-separated fields; I can't seem to find this option in the tshark man page.

Best answer

You can try using tshark's -o option to format tshark's output.

For example,

tshark.exe -o "gui.column.format:\"Source\",\"%us\",\"Destination\",\"%ud\",\"src port\",\"%S\",\"dest port\",\"%D\"" -r sample_001.cap.pcapng

Result:

10.191.144.161 → 10.210.62.164 57434 8888
10.191.144.161 → 10.210.62.164 57434 8888
10.210.62.164 → 10.191.144.161 8888 57434

(Then you just need to strip out the "→")

To see the full list of selectable output fields, use the command tshark.exe -G column-formats:

c:\Program Files\Wireshark>tshark.exe -G column-formats
%q 802.1Q VLAN id
%Yt Absolute date, as YYYY-MM-DD, and time
%YDOYt Absolute date, as YYYY/DOY, and time
%At Absolute time
%V Cisco VSAN
%B Cumulative Bytes
%Cus Custom
%y DCE/RPC call (cn_call_id / dg_seqnum)
%Tt Delta time
%Gt Delta time displayed
%rd Dest addr (resolved)
%ud Dest addr (unresolved)
%rD Dest port (resolved)
%uD Dest port (unresolved)
%d Destination address
%D Destination port
%a Expert Info Severity
%I FW-1 monitor if/direction
%F Frequency/Channel
%hd Hardware dest addr
%hs Hardware src addr
%rhd Hw dest addr (resolved)
%uhd Hw dest addr (unresolved)
%rhs Hw src addr (resolved)
%uhs Hw src addr (unresolved)
%e IEEE 802.11 RSSI
%x IEEE 802.11 TX rate
%f IP DSCP Value
%i Information
%rnd Net dest addr (resolved)
%und Net dest addr (unresolved)
%rns Net src addr (resolved)
%uns Net src addr (unresolved)
%nd Network dest addr
%ns Network src addr
%m Number
%L Packet length (bytes)
%p Protocol
%Rt Relative time
%s Source address
%S Source port
%rs Src addr (resolved)
%us Src addr (unresolved)
%rS Src port (resolved)
%uS Src port (unresolved)
%E TEI
%Yut UTC date, as YYYY-MM-DD, and time
%YDOYut UTC date, as YYYY/DOY, and time
%Aut UTC time
%t Time (format as specified)

For example, to print Wireshark's default columns with tshark:

tshark.exe -o "gui.column.format:\"No.\",\"%m\",\"Time\",\"%t\",\"Source\",\"%s\",\"Destination\",\"%d\",\"Protocol\",\"%p\",\"Length\",\"%L\",\"Info\",\"%i\""

c:\Program Files\Wireshark>
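Both approaches above leave some post-processing to the reader: the `-T fields` output in the question has empty columns for every protocol whose fields do not apply to the packet (tcp.* on a UDP datagram, and all ports on ICMP), and the `-o gui.column.format` output in the answer carries a "→" between source and destination. The following script is an added example, not code from the question or the answer, and it does not run tshark itself: it reads the text tshark writes (the sample input embedded here is constructed to match the field order on the question's command line) and emits one tab-separated row per packet with a single src/dst port pair and the IP protocol number mapped to a name. The `normalize_column_output` helper handles the answer's format by dropping the arrow token.

```python
"""Reshape tshark text output into one clean tab-separated row per packet.

Added example (not from the original post). It assumes the field order used on
the question's command line:
    -e ip.src -e ip.dst -e ip.proto -e tcp.srcport -e tcp.dstport
    -e udp.srcport -e udp.dstport
tshark writes one line per packet; fields that do not apply to a packet are
emitted as empty strings, which is what produces the blank columns.
"""

# Field order from the question's tshark command line.
FIELDS = ["ip.src", "ip.dst", "ip.proto",
          "tcp.srcport", "tcp.dstport", "udp.srcport", "udp.dstport"]

# IANA protocol numbers that can appear in ip.proto; unknown numbers pass through.
PROTO_NAMES = {"1": "ICMP", "6": "TCP", "17": "UDP"}

# Constructed sample of `tshark -T fields ...` output: tab-separated, one packet
# per line. Rows 1-2 are TCP (udp.* empty), row 3 is a DNS query over UDP
# (tcp.* empty), row 4 is an ICMP echo (all port columns empty).
SAMPLE_OUTPUT = (
    "192.168.1.240\t198.38.110.157\t6\t50735\t80\t\t\n"
    "198.38.110.157\t192.168.1.240\t6\t80\t50735\t\t\n"
    "192.168.1.240\t192.168.1.1\t17\t\t\t54321\t53\n"
    "192.168.1.240\t8.8.8.8\t1\t\t\t\t\n"
)


def _first(value):
    """When a field occurs more than once in a packet (e.g. the inner IP header
    quoted inside an ICMP error), tshark joins the occurrences with ','.
    Keep the outermost (first) value so the row stays one packet."""
    return value.split(",")[0]


def parse_fields_output(text):
    """Turn `-T fields` lines into dicts with a single port pair per packet."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        if len(parts) != len(FIELDS):
            raise ValueError(f"expected {len(FIELDS)} columns, got {len(parts)}: {line!r}")
        rec = {name: _first(val) for name, val in zip(FIELDS, parts)}
        proto = rec["ip.proto"]
        if proto == "6":
            sport, dport = rec["tcp.srcport"], rec["tcp.dstport"]
        elif proto == "17":
            sport, dport = rec["udp.srcport"], rec["udp.dstport"]
        else:
            sport = dport = ""  # ICMP and friends have no ports
        rows.append({
            "src": rec["ip.src"],
            "dst": rec["ip.dst"],
            "proto": PROTO_NAMES.get(proto, proto),
            "sport": sport,
            "dport": dport,
        })
    return rows


def to_tsv(rows):
    """Render parsed rows as plain tab-separated text, one packet per line."""
    return "\n".join(
        f"{r['src']}\t{r['dst']}\t{r['proto']}\t{r['sport']}\t{r['dport']}"
        for r in rows
    )


def normalize_column_output(line):
    """Convert one line of the answer's `-o gui.column.format` output
    ("src → dst sport dport") to tab-separated fields by dropping the arrow."""
    return "\t".join(tok for tok in line.split() if tok != "\u2192")


if __name__ == "__main__":
    print(to_tsv(parse_fields_output(SAMPLE_OUTPUT)))
    print(normalize_column_output("10.191.144.161 \u2192 10.210.62.164 57434 8888"))
```

In practice you would pipe tshark into this script (`tshark ... -T fields ... | python3 reshape.py`) instead of using the embedded sample. tshark's own `-E` switches cover part of the same ground without post-processing: `-E header=y` prints a header row, `-E separator=/t` makes the tab explicit, and `-E occurrence=f` keeps only the first occurrence of a repeated field, which is the case `_first` handles here.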

For "terminal - Formatting tshark output", a similar question was found on Stack Overflow: https://stackoverflow.com/questions/26049157/
