


Network administrators use it to troubleshoot network problems. Network security engineers use it to examine security problems. Developers use it to debug protocol implementations. People use it to learn network protocol internals.

The following are some of the many features Wireshark provides:

- Capture live packet data from a network interface.
- Open files containing packet data captured with tcpdump/WinDump, Wireshark, and a number of other packet capture programs.
- Import packets from text files containing hex dumps of packet data.

When I've done that sort of thing before, I typically use tshark to extract the data and then other tools (Python, Perl, awk, etc.) to further refine the resulting data. So with that approach in mind, you could use this:

    tshark -r <capture-file> -2 -Tfields -eip.src -eip.dst -eframe.protocols

With that command line, you'll get exactly those fields, but be aware that some lines, such as those with ARP packets, won't have IP addresses (because they're not IP packets), and that IPv6 packets won't show IP addresses because those field names (ip.src and ip.dst) are only for IPv4.

If you'd prefer to eliminate the non-IPv4 packets, just add a filter:

    tshark -r <capture-file> -2 -Tfields -R ip -eip.src -eip.dst -eframe.protocols

Under Linux (which is what I use), you can easily pipe the output of that into various other utility programs. For example, if you append this to that command line:

    |sort -n |uniq -c |sort -n

You'll get a list, in ascending order of frequency, of each unique src, dst and proto combination present within your sample file.
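The refinement step described above (extract with tshark, then post-process with another tool), as an added Python example that is not part of the original answer: it parses the tab-separated -Tfields output, sets aside packets that carry no IPv4 addresses, and ranks each src/dst/protocol combination in ascending order of frequency. The sample lines are constructed, and the function names are assumptions of this example.

```python
import sys
from collections import Counter

# Constructed sample of `tshark -Tfields -eip.src -eip.dst -eframe.protocols`
# output: one packet per line, tab-separated, empty fields for non-IPv4 packets.
SAMPLE = (
    "192.0.2.10\t198.51.100.5\teth:ethertype:ip:tcp\n"
    "192.0.2.10\t198.51.100.5\teth:ethertype:ip:tcp\n"
    "192.0.2.10\t198.51.100.5\teth:ethertype:ip:tcp:tls\n"
    "\t\teth:ethertype:arp\n"
    "\t\teth:ethertype:ipv6:udp:dns\n"
    # ICMP error: ip.src/ip.dst occur twice (outer and quoted header), and
    # tshark joins multiple occurrences of a field with "," by default.
    "198.51.100.5,192.0.2.10\t192.0.2.10,198.51.100.5\teth:ethertype:ip:icmp:ip:udp\n"
    "192.0.2.77\t198.51.100.5\teth:ethertype:ip:udp:dns\n"
)

def parse_line(line):
    """Return (src, dst, protocols), or None if the packet has no IPv4 addresses."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) != 3:
        return None                      # malformed or truncated line
    src, dst, protos = fields
    if not src or not dst:
        return None                      # ARP, IPv6, etc.: ip.* fields are empty
    # Keep the first occurrence, which is the outer IPv4 header.
    return src.split(",")[0], dst.split(",")[0], protos

def summarize(text):
    """Count unique combinations; return (ranked ascending, skipped by protocol)."""
    combos, skipped = Counter(), Counter()
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped[line.split("\t")[-1]] += 1
        else:
            combos[rec] += 1
    ranked = sorted(combos.items(), key=lambda kv: (kv[1], kv[0]))
    return ranked, dict(skipped)

if __name__ == "__main__":
    # Pipe tshark output in on stdin, or run with no pipe to use the sample.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    ranked, skipped = summarize(data)
    for (src, dst, protos), count in ranked:
        print(f"{count:7d} {src}\t{dst}\t{protos}")
    for protos, count in sorted(skipped.items()):
        print(f"skipped {count} non-IPv4 packet(s): {protos}", file=sys.stderr)
```

Reporting the skipped packets separately keeps ARP and IPv6 traffic visible in the summary instead of silently dropping it, which the `-R ip` filter would do.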
