Windows Wireshark筛选器语法
我正在尝试为TShark编写一个基于命令行的Wireshark过滤器。 我想将这些选项添加到命令中:Windows Wireshark筛选器语法,windows,networking,wireshark,Windows,Networking,Wireshark,我正在尝试为TShark编写一个基于命令行的Wireshark过滤器。 我想将这些选项添加到命令中: -i 2 (interface with index n°2) -a duration:60 (the "scan" should last 60 seconds) -v (print the result and exit) -x (print an ASCII dump in the file) 以及仅捕获具有以下特殊性的数据包的过滤器: "ip" (only IP packets) "i
-i 2 (interface with index n°2)
-a duration:60 (the "scan" should last 60 seconds)
-v (print the result and exit)
-x (print an ASCII dump in the file)
"ip" (only IP packets)
"ip.src == 192.168.0.1" (source IP adress should be 192.168.0.1)
"ip.dst == 111.222.111.222" (destination IP adress should be 111.222.111.222)
"port == 80 or port == 443" (port should be http or https)
"http.request.method == 'GET'" (it should be a GET request)
tshark -i 2 -a duration:60 -vx -f "ip" && "ip.src == 192.168.0.1" && "ip.dst == 111.222.111.222" && "port == 80 or port == 443" && "http.request.method == 'GET'" > test.txt
- 还想询问是否有某种“停止执行”命令可以停止当前捕获,但仍将结果保存在.txt文件中
-f“"ip && ip.src == 192.168.0.1 && ip.dst == 111.222.111.222 &&
port == 80 or port == 443 && http.request.method == 'GET'"
"ip src 192.168.0.1 && ip dst 111.222.111.222 && (tcp port 80 or tcp port == 443)"
tcp.portportHTTP.request.method=='GET'(在“或”子句周围的括号可能不是必需的,但我更希望它们只是使表达式的含义更加明显。)是的,但我需要的是tshark捕获筛选器而不是显示筛选器。因此“-f“应该是正确的选项,不是吗?您得到的特定错误是由命令中的
&&-r "ip && ip.src == 192.168.0.1 && ip.dst == 111.222.111.222 && (tcp.port == 80 or tcp.port == 443) && http.request.method == 'GET'"