tshark -h

 TShark (Wireshark) 2.4. (v2.4.1--gf42a0d2b6c)

 Dump and analyze network traffic.

 See https://www.wireshark.org for more information.

 Usage: tshark [options] ...

 Capture interface:

   -i <interface>           name or idx of interface (def: first non-loopback)

   -f <capture filter>      packet filter in libpcap filter syntax

   -s <snaplen>             packet snapshot length (def: appropriate maximum)

   -p                       don't capture in promiscuous mode

   -I                       capture in monitor mode, if available

   -B <buffer size>         size of kernel buffer (def: 2MB)

   -y <link type>           link layer type (def: first appropriate)

   -D                       print list of interfaces and exit

   -L                       print list of link-layer types of iface and exit

 Capture stop conditions:

   -c <packet count>        stop after n packets (def: infinite)

   -a <autostop cond.> ...  duration:NUM - stop after NUM seconds

                            filesize:NUM - stop this file after NUM KB

                               files:NUM - stop after NUM files

 Capture output:

   -b <ringbuffer opt.> ... duration:NUM - switch to next file after NUM secs

                            filesize:NUM - switch to next file after NUM KB

                               files:NUM - ringbuffer: replace after NUM files

 RPCAP options:

   -A <user>:<password>     use RPCAP password authentication

 Input file:

   -r <infile>              set the filename to read from (- to read from stdin)

 Processing:

   -                       perform a two-pass analysis

   -M <packet count>        perform session auto reset

   -R <read filter>         packet Read filter in Wireshark display filter syntax

                            (requires -)

   -Y <display filter>      packet displaY filter in Wireshark display filter

                            syntax

   -n                       disable all name resolutions (def: all enabled)

   -N <name resolve flags>  enable specific name resolution(s): "mnNtCd"

   -d <layer_type>==<selector>,<decode_as_protocol> ...

                            "Decode As", see the man page for details

                            Example: tcp.port==,http

   -H <hosts file>          read a list of entries from a hosts file, which will

                            then be written to a capture file. (Implies -W n)

   --enable-protocol <proto_name>

                            enable dissection of proto_name

   --disable-protocol <proto_name>

                            disable dissection of proto_name

   --enable-heuristic <short_name>

                            enable dissection of heuristic protocol

   --disable-heuristic <short_name>

                            disable dissection of heuristic protocol

 Output:

   -w <outfile|->           write packets to a pcap-format file named "outfile"

                            (or to the standard output for "-")

   -C <config profile>      start with specified configuration profile

   -F <output file type>    set the output file type, default is pcapng

                            an empty "-F" option will list the file types

   -V                       add output of packet tree        (Packet Details)

   -O <protocols>           Only show packet details of these protocols, comma

                            separated

   -P                       print packet summary even when writing to a file

   -S <separator>           the line separator to print between packets

   -x                       add output of hex and ASCII dump (Packet Bytes)

   -T pdml|ps|psml|json|jsonraw|ek|tabs|text|fields|?

                            format of text output (def: text)

   -j <protocolfilter>      protocols layers filter if -T ek|pdml|json selected

                            (e.g. "ip ip.flags text", filter does not expand chil

 d

                            nodes, unless child is specified also in the filter)

   -J <protocolfilter>      top level protocol filter if -T ek|pdml|json selected

                            (e.g. "http tcp", filter which expands all child node

 s)

   -e <field>               field to print if -Tfields selected (e.g. tcp.port,

                            _ws.col.Info)

                            this option can be repeated to print multiple fields

   -E<fieldsoption>=<value> set options for output when -Tfields selected:

      bom=y|n               print a UTF- BOM

      header=y|n            switch headers on and off

      separator=/t|/s|<char> select tab, space, printable character as separator

      occurrence=f|l|a      print first, last or all occurrences of each field

      aggregator=,|/s|<char> select comma, space, printable character as

                            aggregator

      quote=d|s|n           select double, single, no quotes for values

   -t a|ad|d|dd|e|r|u|ud|?  output format of time stamps (def: r: rel. to first)

   -u s|hms                 output format of seconds (def: s: seconds)

   -l                       flush standard output after each packet

   -q                       be more quiet on stdout (e.g. when using statistics)

   -Q                       only log true errors to stderr (quieter than -q)

   -g                       enable group read access on the output file(s)

   -W n                     Save extra information in the file, if supported.

                            n = write network address resolution information

   -X <key>:<value>         eXtension options, see the man page for details

   -U tap_name              PDUs export mode, see the man page for details

   -z <statistics>          various statistics, see the man page for details

   --capture-comment <comment>

                            add a capture comment to the newly created

                            output file (only for pcapng)

   --export-objects <protocol>,<destdir> save exported objects for a protocol to

                            a directory named "destdir"

 Miscellaneous:

   -h                       display this help and exit

   -v                       display version info and exit

   -o <name>:<value> ...    override preference setting

   -K <keytab>              keytab file to use for kerberos decryption

   -G [report]              dump one of several available reports and exit

                            default report="fields"

                            use "-G ?" for more help

 tshark.exe -F

 tshark.exe: option requires an argument -- 'F'

 tshark: The available capture file types for the "-F" flag are:

     5views - InfoVista 5View capture

     btsnoop - Symbian OS btsnoop

     commview - TamoSoft CommView

     dct2000 - Catapult DCT2000 trace (.out format)

     erf - Endace ERF capture

     eyesdn - EyeSDN USB S0/E1 ISDN trace format

     k12text - K12 text file

     lanalyzer - Novell LANalyzer

     logcat - Android Logcat Binary format

     logcat-brief - Android Logcat Brief text format

     logcat-long - Android Logcat Long text format

     logcat-process - Android Logcat Process text format

     logcat-tag - Android Logcat Tag text format

     logcat-thread - Android Logcat Thread text format

     logcat-threadtime - Android Logcat Threadtime text format

     logcat-time - Android Logcat Time text format

     modpcap - Modified tcpdump - pcap

     netmon1 - Microsoft NetMon .x

     netmon2 - Microsoft NetMon .x

     nettl - HP-UX nettl trace

     ngsniffer - Sniffer (DOS)

     ngwsniffer_1_1 - NetXray, Sniffer (Windows) 1.1

     ngwsniffer_2_0 - Sniffer (Windows) .00x

     niobserver - Network Instruments Observer

     nokiapcap - Nokia tcpdump - pcap

     nsecpcap - Wireshark/tcpdump/... - nanosecond pcap

     nstrace10 - NetScaler Trace (Version 1.0)

     nstrace20 - NetScaler Trace (Version 2.0)

     nstrace30 - NetScaler Trace (Version 3.0)

     nstrace35 - NetScaler Trace (Version 3.5)

     pcap - Wireshark/tcpdump/... - pcap

     pcapng - Wireshark/... - pcapng

     rf5 - Tektronix K12xx -bit .rf5 format

     rh6_1pcap - RedHat 6.1 tcpdump - pcap

     snoop - Sun snoop

     suse6_3pcap - SuSE 6.3 tcpdump - pcap

     visual - Visual Networks traffic capture

 tshark -i4 -c  -f "tcp" -F pcap -w c:\test.pcap

 tshark -i4 -a duration: -f "tcp" -F pcap -w e:\test.pcap

tshark使用说明的更多相关文章

  1. tshark 使用说明

    yum install -y wireshark 最近才发现,原来wireshark也提供有Linux命令行工具-tshark.tshark不仅有抓包的功能,还带了解析各种协议的能力.下面我们以两个实 ...

  2. Atitit.项目修改补丁打包工具 使用说明

    Atitit.项目修改补丁打包工具 使用说明 1.1. 打包工具已经在群里面.打包工具.bat1 1.2. 使用方法:放在项目主目录下,执行即可1 1.3. 打包工具的原理以及要打包的项目列表1 1. ...

  3. awk使用说明

    原文地址:http://www.cnblogs.com/verrion/p/awk_usage.html Awk使用说明 运维必须掌握的三剑客工具:grep(文件内容过滤器),sed(数据流处理器), ...

  4. “我爱背单词”beta版发布与使用说明

    我爱背单词BETA版本发布 第二轮迭代终于画上圆满句号,我们的“我爱背单词”beta版本已经发布. Beta版本说明 项目名称 我爱背单词 版本 Beta版 团队名称 北京航空航天大学计算机学院  拒 ...

  5. Oracle 中 union 和union all 的简单使用说明

    1.刚刚工作不久,经常接触oracle,但是对oracle很多东西都不是很熟.今天我们来了解一下union和union all的简单使用说明.Union(union all): 指令的目的是将两个 S ...

  6. Map工具系列-02-数据迁移工具使用说明

    所有cs端工具集成了一个工具面板 -打开(IE) Map工具系列-01-Map代码生成工具说明 Map工具系列-02-数据迁移工具使用说明 Map工具系列-03-代码生成BySQl工具使用说明 Map ...

  7. Map工具系列-03-代码生成BySQl工具使用说明

    所有cs端工具集成了一个工具面板 -打开(IE) Map工具系列-01-Map代码生成工具说明 Map工具系列-02-数据迁移工具使用说明 Map工具系列-03-代码生成BySQl工具使用说明 Map ...

  8. jQuery验证控件jquery.validate.js使用说明

    官网地址:http://bassistance.de/jquery-plugins/jquery-plugin-validation jQuery plugin: Validation 使用说明 转载 ...

  9. gdbsever 使用说明

    gdbsever 使用说明 在新塘N3292x平台下 编译 gdbsever ./configure --target=arm-linux --host=arm-linux arm-linux-gdb ...

随机推荐

  1. .NET:自定义配置节

    背景 对于编译型应用程序来说,参数化程序行为是非常有必要的,.NET有其标准的配置方法,我们可以可以扩展. 示例 代码 using System; using System.Collections; ...

  2. Android之用自定义的shape去实现shadow效果

    直接上xml文件, 并且附上相应的解析: <?xml version="1.0" encoding="utf-8"?> <selector x ...

  3. 关闭Windows Server 2012的IE增强安全配置

    在Windows Server 2012中,IE的安全性被增强,对于没有加入信任站点的网址会弹出提示框: 微软这样做是为了增强IE的安全性,但是在实际的使用过程中并不是很方便.如果是个人电脑安装了Wi ...

  4. modbus.c

    #include <avr/io.h> #include <avr/interrupt.h> #include <util/delay.h> //#include ...

  5. QT中使用MinGW 编译的protobuf库--包含库的生成和使用

    QT中使用MinGW 编译的protobuf库--包含库的生成和使用 0前言 1准备工作 2生成protobuf库文件 3在QT中测试protobuf的使用 4结语 0前言 最近要在QT中使用prot ...

  6. 使用C#反射机制访问类的私有成员【转】

    首先我必须承认访问一个类的私有成员不是什么好做法.大家也都知道私有成员在外部是不能被访问的.而一个类中会存在很多私有成员:如私有字段.私有属性.私有方法.对于私有成员访问,可以套用下面这种非常好的方式 ...

  7. query多选下拉框插件 jquery-multiselect(修改)

    其实网上关于该控件的使用教程已经很多了,其中 query多选下拉框插件 jquery-multiselect Jquery多选下拉列表插件jquery multiselect功能介绍及使用 这2个的介 ...

  8. Set Matrix Zeroes leetcode java

    题目: Given a m x n matrix, if an element is 0, set its entire row and column to 0. Do it in place. cl ...

  9. vue里ref ($refs)用法

    ref 有三种用法: 1.ref 加在普通的元素上,用this.ref.name 获取到的是dom元素 2.ref 加在子组件上,用this.ref.name 获取到的是组件实例,可以使用组件的所有方 ...

  10. NLP常用信息资源

    ACL Anthology,囊括了ACL,EMNLP,CL等NLP领域重要会议和期刊的论文.http://www.aclweb.org/anthology-new/ LDC: The Linguist ...