使用 tshark 过滤 PCAP 文件:show ip source>ip destination:info in a txt file
[英]Filter a PCAP file using tshark : show ip source>ip destination:info in a txt file
问题描述
I need a tshark command so i can create a txt file containing Ipsource>Ipdestination:Info in this order !
我需要一个 tshark 命令,这样我就可以按此顺序创建一个包含 Ipsource>Ipdestination:Info 的 txt 文件! i tried this command tshark -T fields -n -r "C:\Users\dell\Desktop\tracecomplete.pcap" -E separator=, -e ip.src -e ip.dst > "C:\Users\dell\Desktop\walima22.txt"*我试过这个命令 tshark -T fields -n -r "C:\Users\dell\Desktop\tracecomplete.pcap" -E separator=, -e ip.src -e ip.dst > "C:\Users\dell\桌面\walima22.txt"*
but i can't change the separator and show the infos但我无法更改分隔符并显示信息
1 个解决方案
解决方案1
1 2022-06-16 15:45:48
There are generally 2 solutions for printing specific column data, one using column-specifiers and the other using fields, similar to what you have.通常有两种打印特定列数据的解决方案,一种使用列说明符,另一种使用字段,类似于您所拥有的。
Using column-specifiers:使用列说明符:
Standard specifiers as described by tshark.exe -G column-formats : tshark.exe -G column-formats描述的标准说明符:
tshark.exe -n -r "C:\Users\dell\Desktop\tracecomplete.pcap" -o "gui.column.format:\"Source\",\"%s\",\"Destination\",\"%d\",\"Info\",\"%i\""
... or using custom columns for those fields that are supported: ...或为支持的那些字段使用自定义列:
tshark.exe -n -r "C:\Users\dell\Desktop\tracecomplete.pcap" -o "gui.column.format:\"Source\",\"%Cus:ip.src\",\"Destination\",\"%Cus:ip.dst\",\"Info\",\"%i\""
Using Fields:使用字段:
tshark.exe -n -r "C:\Users\dell\Desktop\tracecomplete.pcap" -T fields -E separator=, -e ip.src -e ip.dst -e _ws.col.Info
but i can't change the separator但我无法更改分隔符
You should be able to change it using the -E option.您应该能够使用-E选项对其进行更改。 Refer to the tshark man page for more help with this option.有关此选项的更多帮助,请参阅tshark手册页。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.