tshark -h

 TShark (Wireshark) 2.4. (v2.4.1--gf42a0d2b6c)

 Dump and analyze network traffic.

 See https://www.wireshark.org for more information.

 Usage: tshark [options] ...

 Capture interface:

   -i <interface>           name or idx of interface (def: first non-loopback)

   -f <capture filter>      packet filter in libpcap filter syntax

   -s <snaplen>             packet snapshot length (def: appropriate maximum)

   -p                       don't capture in promiscuous mode

   -I                       capture in monitor mode, if available

   -B <buffer size>         size of kernel buffer (def: 2MB)

   -y <link type>           link layer type (def: first appropriate)

   -D                       print list of interfaces and exit

   -L                       print list of link-layer types of iface and exit

 Capture stop conditions:

   -c <packet count>        stop after n packets (def: infinite)

   -a <autostop cond.> ...  duration:NUM - stop after NUM seconds

                            filesize:NUM - stop this file after NUM KB

                               files:NUM - stop after NUM files

 Capture output:

   -b <ringbuffer opt.> ... duration:NUM - switch to next file after NUM secs

                            filesize:NUM - switch to next file after NUM KB

                               files:NUM - ringbuffer: replace after NUM files

 RPCAP options:

   -A <user>:<password>     use RPCAP password authentication

 Input file:

   -r <infile>              set the filename to read from (- to read from stdin)

 Processing:

   -                       perform a two-pass analysis

   -M <packet count>        perform session auto reset

   -R <read filter>         packet Read filter in Wireshark display filter syntax

                            (requires -)

   -Y <display filter>      packet displaY filter in Wireshark display filter

                            syntax

   -n                       disable all name resolutions (def: all enabled)

   -N <name resolve flags>  enable specific name resolution(s): "mnNtCd"

   -d <layer_type>==<selector>,<decode_as_protocol> ...

                            "Decode As", see the man page for details

                            Example: tcp.port==,http

   -H <hosts file>          read a list of entries from a hosts file, which will

                            then be written to a capture file. (Implies -W n)

   --enable-protocol <proto_name>

                            enable dissection of proto_name

   --disable-protocol <proto_name>

                            disable dissection of proto_name

   --enable-heuristic <short_name>

                            enable dissection of heuristic protocol

   --disable-heuristic <short_name>

                            disable dissection of heuristic protocol

 Output:

   -w <outfile|->           write packets to a pcap-format file named "outfile"

                            (or to the standard output for "-")

   -C <config profile>      start with specified configuration profile

   -F <output file type>    set the output file type, default is pcapng

                            an empty "-F" option will list the file types

   -V                       add output of packet tree        (Packet Details)

   -O <protocols>           Only show packet details of these protocols, comma

                            separated

   -P                       print packet summary even when writing to a file

   -S <separator>           the line separator to print between packets

   -x                       add output of hex and ASCII dump (Packet Bytes)

   -T pdml|ps|psml|json|jsonraw|ek|tabs|text|fields|?

                            format of text output (def: text)

   -j <protocolfilter>      protocols layers filter if -T ek|pdml|json selected

                            (e.g. "ip ip.flags text", filter does not expand chil

 d

                            nodes, unless child is specified also in the filter)

   -J <protocolfilter>      top level protocol filter if -T ek|pdml|json selected

                            (e.g. "http tcp", filter which expands all child node

 s)

   -e <field>               field to print if -Tfields selected (e.g. tcp.port,

                            _ws.col.Info)

                            this option can be repeated to print multiple fields

   -E<fieldsoption>=<value> set options for output when -Tfields selected:

      bom=y|n               print a UTF- BOM

      header=y|n            switch headers on and off

      separator=/t|/s|<char> select tab, space, printable character as separator

      occurrence=f|l|a      print first, last or all occurrences of each field

      aggregator=,|/s|<char> select comma, space, printable character as

                            aggregator

      quote=d|s|n           select double, single, no quotes for values

   -t a|ad|d|dd|e|r|u|ud|?  output format of time stamps (def: r: rel. to first)

   -u s|hms                 output format of seconds (def: s: seconds)

   -l                       flush standard output after each packet

   -q                       be more quiet on stdout (e.g. when using statistics)

   -Q                       only log true errors to stderr (quieter than -q)

   -g                       enable group read access on the output file(s)

   -W n                     Save extra information in the file, if supported.

                            n = write network address resolution information

   -X <key>:<value>         eXtension options, see the man page for details

   -U tap_name              PDUs export mode, see the man page for details

   -z <statistics>          various statistics, see the man page for details

   --capture-comment <comment>

                            add a capture comment to the newly created

                            output file (only for pcapng)

   --export-objects <protocol>,<destdir> save exported objects for a protocol to

                            a directory named "destdir"

 Miscellaneous:

   -h                       display this help and exit

   -v                       display version info and exit

   -o <name>:<value> ...    override preference setting

   -K <keytab>              keytab file to use for kerberos decryption

   -G [report]              dump one of several available reports and exit

                            default report="fields"

                            use "-G ?" for more help

 tshark.exe -F

 tshark.exe: option requires an argument -- 'F'

 tshark: The available capture file types for the "-F" flag are:

     5views - InfoVista 5View capture

     btsnoop - Symbian OS btsnoop

     commview - TamoSoft CommView

     dct2000 - Catapult DCT2000 trace (.out format)

     erf - Endace ERF capture

     eyesdn - EyeSDN USB S0/E1 ISDN trace format

     k12text - K12 text file

     lanalyzer - Novell LANalyzer

     logcat - Android Logcat Binary format

     logcat-brief - Android Logcat Brief text format

     logcat-long - Android Logcat Long text format

     logcat-process - Android Logcat Process text format

     logcat-tag - Android Logcat Tag text format

     logcat-thread - Android Logcat Thread text format

     logcat-threadtime - Android Logcat Threadtime text format

     logcat-time - Android Logcat Time text format

     modpcap - Modified tcpdump - pcap

     netmon1 - Microsoft NetMon .x

     netmon2 - Microsoft NetMon .x

     nettl - HP-UX nettl trace

     ngsniffer - Sniffer (DOS)

     ngwsniffer_1_1 - NetXray, Sniffer (Windows) 1.1

     ngwsniffer_2_0 - Sniffer (Windows) .00x

     niobserver - Network Instruments Observer

     nokiapcap - Nokia tcpdump - pcap

     nsecpcap - Wireshark/tcpdump/... - nanosecond pcap

     nstrace10 - NetScaler Trace (Version 1.0)

     nstrace20 - NetScaler Trace (Version 2.0)

     nstrace30 - NetScaler Trace (Version 3.0)

     nstrace35 - NetScaler Trace (Version 3.5)

     pcap - Wireshark/tcpdump/... - pcap

     pcapng - Wireshark/... - pcapng

     rf5 - Tektronix K12xx -bit .rf5 format

     rh6_1pcap - RedHat 6.1 tcpdump - pcap

     snoop - Sun snoop

     suse6_3pcap - SuSE 6.3 tcpdump - pcap

     visual - Visual Networks traffic capture

 tshark -i4 -c  -f "tcp" -F pcap -w c:\test.pcap

 tshark -i4 -a duration: -f "tcp" -F pcap -w e:\test.pcap

tshark使用说明的更多相关文章

  1. tshark 使用说明

    yum install -y wireshark 最近才发现,原来wireshark也提供有Linux命令行工具-tshark.tshark不仅有抓包的功能,还带了解析各种协议的能力.下面我们以两个实 ...

  2. Atitit.项目修改补丁打包工具 使用说明

    Atitit.项目修改补丁打包工具 使用说明 1.1. 打包工具已经在群里面.打包工具.bat1 1.2. 使用方法:放在项目主目录下,执行即可1 1.3. 打包工具的原理以及要打包的项目列表1 1. ...

  3. awk使用说明

    原文地址:http://www.cnblogs.com/verrion/p/awk_usage.html Awk使用说明 运维必须掌握的三剑客工具:grep(文件内容过滤器),sed(数据流处理器), ...

  4. “我爱背单词”beta版发布与使用说明

    我爱背单词BETA版本发布 第二轮迭代终于画上圆满句号,我们的“我爱背单词”beta版本已经发布. Beta版本说明 项目名称 我爱背单词 版本 Beta版 团队名称 北京航空航天大学计算机学院  拒 ...

  5. Oracle 中 union 和union all 的简单使用说明

    1.刚刚工作不久,经常接触oracle,但是对oracle很多东西都不是很熟.今天我们来了解一下union和union all的简单使用说明.Union(union all): 指令的目的是将两个 S ...

  6. Map工具系列-02-数据迁移工具使用说明

    所有cs端工具集成了一个工具面板 -打开(IE) Map工具系列-01-Map代码生成工具说明 Map工具系列-02-数据迁移工具使用说明 Map工具系列-03-代码生成BySQl工具使用说明 Map ...

  7. Map工具系列-03-代码生成BySQl工具使用说明

    所有cs端工具集成了一个工具面板 -打开(IE) Map工具系列-01-Map代码生成工具说明 Map工具系列-02-数据迁移工具使用说明 Map工具系列-03-代码生成BySQl工具使用说明 Map ...

  8. jQuery验证控件jquery.validate.js使用说明

    官网地址:http://bassistance.de/jquery-plugins/jquery-plugin-validation jQuery plugin: Validation 使用说明 转载 ...

  9. gdbsever 使用说明

    gdbsever 使用说明 在新塘N3292x平台下 编译 gdbsever ./configure --target=arm-linux --host=arm-linux arm-linux-gdb ...

随机推荐

  1. 解决eclipse中web项目出现Project facet Java version 1.8 is not supported.的问题

    项目的jdk和tomcat的jdk版本不同,将eclipse-preference-server-runtime environments点击你要用的tomcat点击edit-jre选择和你项目对应的 ...

  2. YAML 语言教程

    编程免不了要写配置文件,怎么写配置也是一门学问. YAML 是专门用来写配置文件的语言,非常简洁和强大,远比 JSON 格式方便. 本文介绍 YAML 的语法,以 JS-YAML 的实现为例.你可以去 ...

  3. 黑镜第一至二季/全集Black Mirror迅雷下载

    本季第一.二季 Black Mirror (2011-2013)看点:<黑镜>(Black Mirror)是一部由查理·布洛克主创.英国电视4台(Channel 4)于2011年12月播出 ...

  4. 逍遥法外第一季/全集How To Get Away With Murder迅雷下载

    英文译名 How To Get Away With Murder (第1季) (2014-09-26首播)ABC.本季看点: <逍遥法外又名:天才刑法班>由<实习医生格蕾>和& ...

  5. 腾讯Bugly2015年移动应用质量大数据报告 原 荐

    在这份报告中,腾讯Bugly和腾讯优测会对2015年Android和iOS平台上的应用质量进行详细盘点,帮助你了解你的产品质量在行业中处于什么位置. 首先,让我们从整体上,回顾一下2015年度的应用和 ...

  6. [web 前端] web本地存储(localStorage、sessionStorage)

    cp from : https://blog.csdn.net/mjzhang1993/article/details/70820868 web 本地存储 (localStorage.sessionS ...

  7. [Android Security] Smali和逆向分析

    copy : https://blog.csdn.net/u012573920/article/details/44034397 1.Smali简介 Smali是Dalvik的寄存器语言,它与Java ...

  8. Java之旅--定时任务(Timer、Quartz、Spring、LinuxCron)

    在Java中,实现定时任务有多种方式,本文介绍4种,Timer和TimerTask.Spring.QuartZ.Linux Cron. 以上4种实现定时任务的方式,Timer是最简单的,不需要任何框架 ...

  9. Dockerfile 指令汇总及解析

        原文地址:http://www.maoyupeng.com/dockerfile-command-introduction.html 什么是Dockerfile Dockerfile是由一系列 ...

  10. JavaScript:sort() 方法

    ylbtech-JavaScript:sort() 方法 JavaScript sort() 方法 1. 定义和用法返回顶部 sort() 方法用于对数组的元素进行排序. 语法 arrayObject ...