【推荐】2019 Java 开发者跳槽指南.pdf(吐血整理) >>> 
1 安装wireshark
yum install wireshark
yum install wireshark-gnome2 查看帮助
tshark -h3 查询本机支持抓包的硬设
tshark -D4 指定网卡
tshark -i eth05 将抓取内容输出到文件
先创建文件
touch packets.pcap
tshark -i eth0 -w packets.pcap
tshark -i eth0 -w packets.pcap -c10 #只抓10个,抓满10即自动停止6 查看packets.pcap文件中的内容
tshark -r packets.pcap
tshark -r packets.pcap -c5 #读取前5个7 通过-V参数查看具体信息
tshark -r packets.pcap -V
tshark -r packets.pcap -V -c1 #结合之前的-c,可以查看第一个包的具体内容8 根据mac地址,ip地址,端口等条件抓包
The following values are available when using this option:
m MAC address resolution
n Network address resolution
t Transport layer (port name) resolution
N Use external resolvers
C Concurrent DNS lookups
tshark -i enp2s0 -n9 抓包过滤:-f
tshark -ni 5 -w pack.pcap -f "tcp port 9980"10 显示过滤:-Y
tshark -r pack.pcap -Y "tcp.dstport == 9980"11 显示时间格式
tshark -r p.pcap -t ad12 查看统计帮助
tshark -z help
http,tree Displays statistics related to HTTP requests and responses13 tshark自带的统计方法
tshark -r pack.pcap -qz conv,tcp14 下面按ip统计
tshark -r pack.pcap -qz conv,ip15 根据被测机器ip以及目标域名进行过滤
tshark -i etho -t ad -w packets.pcap -f "ip src host 被测机器ip(例:192.168.1.19)"
tshark -r packets.pcap -R 'http.host==目标域名(例:www.xxx.com)' -qz conv,ip
来源:oschina
链接:https://my.oschina.net/54188zz/blog/3145531