tshark

in my application i am open Tshark process and start capturing, when i want to finish to capturing i am kill the Tshark process so sometimes the capture file is corrupted and when i am trying to open this file i received the error the capture file appears to have been cut short in the middle of a packet - how to prevent this error there is a batter way to close the Tshark process to avoid this error ? Try stopping the capture process with ctrl+c instead of killing the process. Also, you can try using pcapfix to fix your corrupted packets, it may help making your existing files readable again.

需求：能抓取指定时间长度的包，比如抓取 10s 长度的包； 可选方案： 使用 tcpdump 命令的 -G 和 -W 参数； 自己通过脚本实现在指定时间到达后通过 kill 命令杀掉 tcpdump 抓包进程； 使用 tshark 命令的 -a duration:xx 参数； 基于 tcpdump 的 -G -W 参数实现定时的方案 因为 tcpdump 太有名了，所以一般人十有八九会先想到这个工具； 查阅 tcpdump 的 man 手册可以发现与定时功能相关的参数如下： -G rotate_seconds 如果设置了该参数， tcpdump 将会以 rotate_seconds 为周期对通过 -w 选项指定命名的 dump 文件进行轮转；保存文件命名通过 -w 选项指定，并且应该包含符合 strftime(3) 定义的时间戳格式；如果未指定时间格式，则每一个新产生的文件将会覆盖之前的文件； 如果和 -C 选项配合使用，文件命名将会采用 ' file<count> ' 格式； -W 和 -C 选项配合使用，可以将创建文件数目限制指定值，并且咋达到该数值后，从头开始进行文件覆盖；从行为上，类似于实现了一个 ' rotating ' buffer 的功能；另外，该选项会在为文件命名时使用足够多的前导 0 ， 以便正确支持我们要求的最大数目，同时允许基于该数值进行正确排序； 和 -G

From Python on Linux I would like to sniff 802.11 management 'probe-request' frames. This is possible from Scapy like so: # -*- coding: utf-8 -*- from scapy.all import * def proc(p): if ( p.haslayer(Dot11ProbeReq) ): mac=re.sub(':','',p.addr2) ssid=p[Dot11Elt].info ssid=ssid.decode('utf-8','ignore') if ssid == "": ssid="<BROADCAST>" print "%s:%s" %(mac,ssid) sniff(iface="mon0",prn=proc) Or from tshark like so: tshark -n -i mon0 subtype probereq -R 'wlan.fc.type_subtype eq 4' -T fields -e wlan.sa -e wlan_mgt.ssid We could redirect the output from tshark, and slurp it up with some Python (not

I am trying to process several files by running them through a batch file. I want the batch file to be able to take all the files its given (aka dumped; or dragged and dropped) and process them. Currently I can process the files individually with the following batch command: "C:\Program Files\Wireshark\tshark.exe" -r %1 -Y "filter" -o "uat:user_dlts:\"User 8 (DLT=155)\",\"pxt\",\"0\",\"\",\"0\",\"\"" -o "gui.column.format:\"Info\",\"%%i\""> %1".filter.txt" I am looking to do the same thing as above, but with the ability to simply drag and drop the files onto the batch file to be processed. For

Currently I am sniffing packets from my local wlan interface like : sudo tshark > sampleData.pcap However, I need to feed this data to kafka. Currently, I have a kafka producer script producer.sh : ../bin/kafka-console-producer.sh --broker-list localhost:9092 --topic 'spark-kafka' and feed data to kafka like this: producer.sh < sampleData.pcap where in sampleData.pcap I have pre-captured IP packet information. However, I wanna automate the process where it'd be something like this: sudo tshark > http://localhost:9091 producer.sh < http://localhost:9091 This is obviously just a pseudoalgorithm.