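Installing Wireshark on CentOS is quite simple: two commands are enough. These notes mainly record how to use it.
Installation:
1. yum install wireshark. Note that this does not provide the wireshark command or the graphical interface, but it does provide basic packet-capture functionality.
2. yum install wireshark-gnome. With this installed, Wireshark is convenient to use.
If you can log in to a graphical terminal, using it is no different from using it on Windows. But our servers are all overseas and are managed over SSH, so only the command line is available. Use tshark, Wireshark's command-line tool, which is installed by default during installation. It is simple to use. To capture packets:
tshark -w packet.txt -i eth0 -q
This stores the captured network packets in the file packet.txt. To view the details:
tshark -r packet.txt -x -V | more
The following goes through what each parameter does: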
-a
Sets a criterion that specifies when Wireshark stops writing to the capture file. The criterion has the form test:value, where test is one of the following.
duration:value
When the capture has run for more than Value seconds, stop writing to the capture file.
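filesize:value
When the capture file reaches a size of Value kilobytes (a kilobyte here means 1000 bytes, not 1024 bytes), stop writing to the capture file. If this option is used together with the -b option, Wireshark stops writing to the current capture file when the specified size is reached and switches to the next file.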
files:value
When the number of files reaches Value, stop writing to capture files.
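-b
If a maximum capture file size is specified, Wireshark runs in "ring buffer" mode with the specified number of files. In "ring buffer" mode, Wireshark writes to several capture files. Their names are determined by the file number and the creation date and time.
When the first capture file is full, Wireshark moves on to the next file, and so on until the last file is full; at that point Wireshark discards the data in the first file (unless files is set to 0, in which case there is no limit on the number of files) and writes data to that file.
If the duration option is specified, Wireshark also switches to the next file when the capture has run for the specified number of seconds, even if the current file is not full.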
duration:value
When the capture has run for more than Value seconds, switch to the next file and continue writing, even if the current file is not full.
filesize:value
When the file size reaches value kilobytes (a kilobyte here means 1000 bytes, not 1024 bytes), switch to the next file.
files:value
When the number of files reaches value, start writing again from the first file.
-B
Win32 only: sets the file buffer size (in MB, default 1 MB). The capture driver uses it to buffer packet data, which is written to disk only once the buffer size is reached. If you see packet loss while capturing, try increasing it.
-c
Specifies the maximum number of packets to capture in a live capture. It is usually used in conjunction with the -k option.
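-D
Prints the list of interfaces that Wireshark can capture on. For each interface a number and a name (possibly followed by a description of the interface?) are printed; the interface name or number can be passed to the -i parameter to specify the interface to capture on ("print" here presumably means print to the screen).
This is useful on platforms that have no command for listing interfaces (for example Windows, or UNIX platforms that lack the ifconfig -a command). On Windows 2000 and later the interface names are usually complex strings, so using the interface number is more convenient.
Note that "can capture on" means that Wireshark can open that device for a live capture. If capturing on your platform requires an account with special privileges (for example root, or the Administrators group on Windows), running -D from an account without those privileges will not show any interfaces.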
-f
Sets the filter expression applied while capturing.
-g
After a capture file has been read with the -r parameter, use this parameter to jump to the packet with the specified number.
-h
The -h option asks Wireshark to print the command usage for this version (shown earlier) and then exit.
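-i
Sets the interface or pipe to capture from.
The network interface name must match one of those listed by Wireshark -D; the number shown by Wireshark -D can also be used. On UNIX, interface names obtained from netstat -i or ifconfig -a can also be used, but not all UNIX platforms support the -a parameter of ifconfig.
If no interface is specified, Wireshark searches the interface list and chooses the first non-loopback interface; if there is no non-loopback interface, it chooses the first loopback interface. If there are no interfaces at all, wireshark reports an error and does not capture.
The pipe name can be either a FIFO (named pipe) or "-" to read from standard input. Data read from a pipe must be in standard libpcap format.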
-k
The -k option tells Wireshark to start capturing immediately. It must be used together with the -i parameter, which specifies the interface to capture packets on.
-l
Turns on automatic scrolling: as new data arrives during a capture, the "Packet list" pane scrolls automatically (same as the -S parameter).
-m
Sets the font used for display (the editor thinks a font example should be added here).
-n
Displays name resolution for network objects (for example TCP and UDP port names, host names).
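-N
Turns on name resolution for particular types of addresses and port numbers. The argument is a string: m enables MAC address resolution, n enables network address resolution, and t enables transport-layer port number resolution. When both -n and -N are present, this string takes precedence over -n. The letter C enables concurrent (asynchronous) DNS lookups.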
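-o
Sets a preference or current value, overriding the default value or any other value read from the preference/recent file. The argument is a string of the form prefname:value, where prefname is the name of the preference (as it appears in the preference/recent file) and value is the value to set it to. Multiple -o options can be used on a single command line.
Example of setting a single preference:
wireshark -o mgcp.display_dissect_tree:TRUE
Example of setting multiple preferences:
wireshark -o mgcp.display_dissect_tree:TRUE -o mgcp.udp.callagent_port:2627
-p
Does not put the interface into promiscuous mode. Note that the interface may still be in promiscuous mode for some other reason; so -p cannot guarantee that the interface captures only packets sent by or to itself, plus broadcast and multicast packets to that address.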
-Q
Prevents Wireshark from exiting when capturing is complete. It can be used together with the -c option. They must appear in conjunction with -i and -w.
-r
Specifies the name of the file to read and display. The capture file must be in a format that Wireshark supports.
-R
Specifies a filter to apply after the file is read. The filter uses display filter syntax; packets that do not match are not displayed.
-s
Sets the snapshot length used when capturing packets. Wireshark then captures only that many bytes of data from each packet.
-S
Wireshark displays packets as soon as they are captured, by capturing in one process and displaying in another. This is the same as the "Update list of packets in real time" option in the capture options dialog.
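-t
Sets the format in which timestamps are displayed. The available formats are:
r relative: the timestamps of all packets are shown relative to the first packet.
a absolute: all packets are shown with absolute time.
ad absolute with date: all packets are shown with absolute date and time.
d delta: timestamps are shown relative to the previous packet.
e epoch: timestamps are shown as seconds since the epoch (January 1, 1970 00:00:00).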
-v
Asks Wireshark to print its version information and then exit.
-w
When saving, uses the string given as savefile as the file name.
-y
If the capture is started with the -k parameter, -y specifies the data link type to use for captured packets. The values reported by -L are the values that can be used.
-X
Sets an option to be passed to a TShark module. The eXtension option takes the form extension_key:value, where extension_key can be:
lua_script:lua_script_filename, which tells Wireshark to load the specified script. The default scripts are Lua scripts.
-z
Gets various types of Wireshark statistics; the results are displayed in a window that is updated in real time.
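Added example (not part of the original post): a Python check that a byte stream is in the classic libpcap format that the -i description requires for pipe input, and that counts frames cut short by the -s snapshot length. It relies on the classic libpcap layout (24-byte global header, 16-byte record headers); the function names and the sample bytes are constructed for illustration.

```python
import struct
# Classic libpcap magic numbers as seen when the first 4 bytes are read big-endian.
MAGICS = {
    0xA1B2C3D4: (">", "microsecond"),
    0xD4C3B2A1: ("<", "microsecond"),
    0xA1B23C4D: (">", "nanosecond"),
    0x4D3CB2A1: ("<", "nanosecond"),
}
PCAPNG_MAGIC = 0x0A0D0D0A  # pcapng section header block, not classic libpcap


def inspect_pcap(data: bytes) -> dict:
    """Validate a classic libpcap stream; report header fields and cut frames."""
    if len(data) < 24:
        raise ValueError("shorter than the 24-byte libpcap global header")
    (magic,) = struct.unpack(">I", data[:4])
    if magic == PCAPNG_MAGIC:
        raise ValueError("pcapng, not classic libpcap")
    if magic not in MAGICS:
        raise ValueError("unknown magic 0x%08x" % magic)
    order, resolution = MAGICS[magic]
    fields = struct.unpack(order + "HHiIII", data[4:24])
    major, minor, _zone, _sigfigs, snaplen, linktype = fields
    packets, truncated, offset = 0, 0, 24
    while offset < len(data):
        header = data[offset:offset + 16]
        if len(header) < 16:
            raise ValueError("incomplete record header at offset %d" % offset)
        _sec, _frac, incl_len, orig_len = struct.unpack(order + "IIII", header)
        if offset + 16 + incl_len > len(data):
            raise ValueError("record at offset %d runs past end of data" % offset)
        packets += 1
        truncated += int(incl_len < orig_len)  # frame cut at the snapshot length
        offset += 16 + incl_len
    return {"version": (major, minor), "resolution": resolution, "snaplen": snaplen,
            "linktype": linktype, "packets": packets, "truncated": truncated}


def build_sample(snaplen: int = 64) -> bytes:
    """Constructed sample: little-endian header, Ethernet (linktype 1), two frames."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for orig_len in (60, 1514):  # the 1514-byte frame exceeds snaplen and is cut
        incl_len = min(orig_len, snaplen)
        out += struct.pack("<IIII", 1700000000, 0, incl_len, orig_len) + bytes(incl_len)
    return out


if __name__ == "__main__":
    print(inspect_pcap(build_sample()))
```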