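【Posted】: 2016-06-21 20:19:43
【Problem description】:
I am trying to use tshark to automatically export the full dissection of a pcap to a .txt file. I know about file->export packet dissections as an option, but I am trying to accomplish this. Right now I have tshark -X lua_script: -r > . The files contained in are paths. The lone > is the command that prints to text. It exports the packet summaries, but not the full dissection. Is there a way to export the full dissection from the command line? These sample lines are what is exported now: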
1 0.000000000 02:00:00:00:00:67 -> IPv4mcast_01:05:ee 0x8903 1467 Data Center Ethernet (DCE) protocol(Cisco)
2 0.000001180 10.81.130.23 -> 239.1.5.238 ST 1451 Messages: 14
3 0.006327070 02:00:00:00:00:67 -> IPv4mcast_01:05:ee 0x8903 1467 Data Center Ethernet (DCE) protocol(Cisco)
4 0.006328250 10.81.130.23 -> 239.1.5.238 ST 1451 Messages: 14
5 0.019039770 02:00:00:00:00:67 -> IPv4mcast_01:05:ee 0x8903 1467 Data Center Ethernet (DCE) protocol(Cisco)
This is what I would like the export to look like:
No. Time Source Destination Protocol Length Info
2 0.000001180 10.81.130.23 239.1.5.238 ST 1451 Messages: 14
Frame 2: 1451 bytes on wire (11608 bits), 1451 bytes captured (11608 bits)
Ethernet II, Src: Solarfla_0e:e4:a1 (00:0f:53:0e:e4:a1), Dst: IPv4mcast_01:05:ee (01:00:5e:01:05:ee)
Internet Protocol Version 4, Src: 10.81.130.23 (10.81.130.23), Dst: 239.1.5.238 (239.1.5.238)
User Datagram Protocol, Src Port: 43464 (43464), Dst Port: 25238 (25238)
ST Block
Block Header
Sanity: 23559 (Should be 23559)
Header Version (Major: 0 Minor: 1)
Header Size in Bytes: 19
Payload Size in Bytes: 1386
Messages: 14
Environment Id: 0
Feed Id: 1 (Uqdf)
Compression Type: 0
Sender Id: 1
Sequence: 37495844
Message Header
Header Version (Major: 0 Minor: 1)
Header Length in Bytes: 31
Msg Type: 1 (Equity Quote)
Message Version (Major: 0 Minor: 1)
Msg Length in Bytes: 68
Flags: 0
Data Type: 1 (Equity)
Feed Id: 1 (Uqdf)
Feed Line: 1
Feed Seq Num: 7123431
Feed Sub Seq Num: 0
Exchange Time (10:59:59.978517000)
High: 9220
Low: 380047880
Note: this is what the packet dissection looks like when using file->export packet dissections.
Thanks in advance!
【Discussion】:
Tags: wireshark tshark wireshark-dissector