Wireshark command-line usage


Typical example:

c:\Program Files\Wireshark>Wireshark -i 1 -k -t ad -b duration:600 -w d:\cc

This starts Wireshark capturing immediately on interface 1 (-k), shows absolute date-and-time stamps (-t ad), and switches to a new capture file under d:\cc every 600 seconds (-b duration:600), so a scheduled launch of Wireshark produces capture files at fixed intervals.


Command-line parameters

Capture interface:
  -i <interface>           name or idx of interface (def: first non-loopback)
  -f <capture filter>      packet filter in libpcap filter syntax
  -s <snaplen>             packet snapshot length (def: 65535)
  -p                       don't capture in promiscuous mode
  -k                       start capturing immediately (def: do nothing)
  -S                       update packet display when new packets are captured
  -l                       turn on automatic scrolling while -S is in use
  -B <buffer size>         size of kernel buffer (def: 2MB)
  -y <link type>           link layer type (def: first appropriate)
  -D                       print list of interfaces and exit
  -L                       print list of link-layer types of iface and exit

Capture stop conditions:
  -c <packet count>        stop after n packets (def: infinite)
  -a <autostop cond.> ...  duration:NUM - stop after NUM seconds
                           filesize:NUM - stop this file after NUM KB
                              files:NUM - stop after NUM files
Capture output:
  -b <ringbuffer opt.> ... duration:NUM - switch to next file after NUM secs
                           filesize:NUM - switch to next file after NUM KB
                              files:NUM - ringbuffer: replace after NUM files
RPCAP options:
  -A <user>:<password>     use RPCAP password authentication
Input file:
  -r <infile>              set the filename to read from (no pipes or stdin!)

Processing:
  -R <read filter>         packet filter in Wireshark display filter syntax
  -n                       disable all name resolutions (def: all enabled)
  -N <name resolve flags>  enable specific name resolution(s): "mntC"

User interface:
  -C <config profile>      start with specified configuration profile
  -Y <display filter>      start with the given display filter
  -g <packet number>       go to specified packet number after "-r"
  -J <jump filter>         jump to the first packet matching the (display)
                           filter
  -j                       search backwards for a matching packet after "-J"
  -m <font>                set the font name used for most text
  -t a|ad|d|dd|e|r|u|ud    output format of time stamps (def: r: rel. to first)
  -u s|hms                 output format of seconds (def: s: seconds)
  -X <key>:<value>         eXtension options, see man page for details
  -z <statistics>          show various statistics, see man page for details

Output:
  -w <outfile|->           set the output filename (or '-' for stdout)

Miscellaneous:
  -h                       display this help and exit
  -v                       display version info and exit
  -P <key>:<path>          persconf:path - personal configuration files
                           persdata:path - personal data files
  -o <name>:<value> ...    override preference or recent setting
  -K <keytab>              keytab file to use for kerberos decryption
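The typical example above rotates with -b duration:600 but never limits the number of files, so an unattended run keeps writing until the disk is full. The following added example, not from the original page, composes a capture command that combines -b duration with -b files (the ring buffer from the option list) and a -f capture filter; the interface name, output path and filter are placeholders, and the printed command only runs where wireshark (or tshark/dumpcap, which take the same -i/-f/-b/-w options) is installed.

```sh
#!/bin/sh
# Added example, not from the original page: build a rotating (ring-buffer)
# capture command from the options listed above. Interface, output path and
# filter are placeholders; "wireshark" must be on PATH for the printed command
# to actually run (tshark and dumpcap accept the same -i/-f/-b/-w options).

# ring_capture_cmd IFACE SECONDS NFILES OUTFILE [CAPTURE_FILTER]
# Prints the command line on stdout; returns 1 when SECONDS or NFILES is not a
# positive integer, because duration:NUM and files:NUM require numbers.
ring_capture_cmd() {
    iface=$1 secs=$2 nfiles=$3 out=$4 filt=$5
    case $secs   in ''|*[!0-9]*|0) return 1 ;; esac
    case $nfiles in ''|*[!0-9]*|0) return 1 ;; esac
    # -k: start at once (the GUI would otherwise just open); -b duration: switch
    # to a new file every N seconds; -b files: keep only the newest N files so
    # the capture cannot fill the disk when left running unattended.
    cmd="wireshark -i $iface -k -b duration:$secs -b files:$nfiles -w $out"
    # -f takes a libpcap capture filter; single quotes keep it one argument.
    if [ -n "$filt" ]; then
        cmd="$cmd -f '$filt'"
    fi
    printf '%s\n' "$cmd"
}

# Example: DNS-only capture, a new file every 10 minutes, last hour retained.
ring_capture_cmd eth0 600 6 /var/tmp/dns.pcapng 'port 53'
```

Wireshark appends a sequence number and timestamp to the -w name for each ring-buffer file, so the six retained files are distinguishable by name.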


A detailed Chinese description is available at: http://man.lupaworld.com/content/network/wireshark/c9.2.html


Supplementary tcpdump usage:

#tcpdump -i eth0 -tttt -c 100 -w dns.pcapng dst 8.8.8.8 and port 53

Here -tttt prints absolute date-and-time stamps (the tcpdump counterpart of Wireshark's -t ad), -c 100 stops after 100 packets, and the capture filter selects only DNS traffic to 8.8.8.8. Options such as -w belong before the filter expression: on non-GNU systems tcpdump stops option parsing at the first filter word, and a trailing "-w dns.pcapng" would be rejected as part of the filter.


