tshark -h

 TShark (Wireshark) 2.4. (v2.4.1--gf42a0d2b6c)

 Dump and analyze network traffic.

 See https://www.wireshark.org for more information.

 Usage: tshark [options] ...

 Capture interface:

   -i <interface>           name or idx of interface (def: first non-loopback)

   -f <capture filter>      packet filter in libpcap filter syntax

   -s <snaplen>             packet snapshot length (def: appropriate maximum)

   -p                       don't capture in promiscuous mode

   -I                       capture in monitor mode, if available

   -B <buffer size>         size of kernel buffer (def: 2MB)

   -y <link type>           link layer type (def: first appropriate)

   -D                       print list of interfaces and exit

   -L                       print list of link-layer types of iface and exit

 Capture stop conditions:

   -c <packet count>        stop after n packets (def: infinite)

   -a <autostop cond.> ...  duration:NUM - stop after NUM seconds

                            filesize:NUM - stop this file after NUM KB

                               files:NUM - stop after NUM files

 Capture output:

   -b <ringbuffer opt.> ... duration:NUM - switch to next file after NUM secs

                            filesize:NUM - switch to next file after NUM KB

                               files:NUM - ringbuffer: replace after NUM files

 RPCAP options:

   -A <user>:<password>     use RPCAP password authentication

 Input file:

   -r <infile>              set the filename to read from (- to read from stdin)

 Processing:

   -                       perform a two-pass analysis

   -M <packet count>        perform session auto reset

   -R <read filter>         packet Read filter in Wireshark display filter syntax

                            (requires -)

   -Y <display filter>      packet displaY filter in Wireshark display filter

                            syntax

   -n                       disable all name resolutions (def: all enabled)

   -N <name resolve flags>  enable specific name resolution(s): "mnNtCd"

   -d <layer_type>==<selector>,<decode_as_protocol> ...

                            "Decode As", see the man page for details

                            Example: tcp.port==,http

   -H <hosts file>          read a list of entries from a hosts file, which will

                            then be written to a capture file. (Implies -W n)

   --enable-protocol <proto_name>

                            enable dissection of proto_name

   --disable-protocol <proto_name>

                            disable dissection of proto_name

   --enable-heuristic <short_name>

                            enable dissection of heuristic protocol

   --disable-heuristic <short_name>

                            disable dissection of heuristic protocol

 Output:

   -w <outfile|->           write packets to a pcap-format file named "outfile"

                            (or to the standard output for "-")

   -C <config profile>      start with specified configuration profile

   -F <output file type>    set the output file type, default is pcapng

                            an empty "-F" option will list the file types

   -V                       add output of packet tree        (Packet Details)

   -O <protocols>           Only show packet details of these protocols, comma

                            separated

   -P                       print packet summary even when writing to a file

   -S <separator>           the line separator to print between packets

   -x                       add output of hex and ASCII dump (Packet Bytes)

   -T pdml|ps|psml|json|jsonraw|ek|tabs|text|fields|?

                            format of text output (def: text)

   -j <protocolfilter>      protocols layers filter if -T ek|pdml|json selected

                            (e.g. "ip ip.flags text", filter does not expand chil

 d

                            nodes, unless child is specified also in the filter)

   -J <protocolfilter>      top level protocol filter if -T ek|pdml|json selected

                            (e.g. "http tcp", filter which expands all child node

 s)

   -e <field>               field to print if -Tfields selected (e.g. tcp.port,

                            _ws.col.Info)

                            this option can be repeated to print multiple fields

   -E<fieldsoption>=<value> set options for output when -Tfields selected:

      bom=y|n               print a UTF- BOM

      header=y|n            switch headers on and off

      separator=/t|/s|<char> select tab, space, printable character as separator

      occurrence=f|l|a      print first, last or all occurrences of each field

      aggregator=,|/s|<char> select comma, space, printable character as

                            aggregator

      quote=d|s|n           select double, single, no quotes for values

   -t a|ad|d|dd|e|r|u|ud|?  output format of time stamps (def: r: rel. to first)

   -u s|hms                 output format of seconds (def: s: seconds)

   -l                       flush standard output after each packet

   -q                       be more quiet on stdout (e.g. when using statistics)

   -Q                       only log true errors to stderr (quieter than -q)

   -g                       enable group read access on the output file(s)

   -W n                     Save extra information in the file, if supported.

                            n = write network address resolution information

   -X <key>:<value>         eXtension options, see the man page for details

   -U tap_name              PDUs export mode, see the man page for details

   -z <statistics>          various statistics, see the man page for details

   --capture-comment <comment>

                            add a capture comment to the newly created

                            output file (only for pcapng)

   --export-objects <protocol>,<destdir> save exported objects for a protocol to

                            a directory named "destdir"

 Miscellaneous:

   -h                       display this help and exit

   -v                       display version info and exit

   -o <name>:<value> ...    override preference setting

   -K <keytab>              keytab file to use for kerberos decryption

   -G [report]              dump one of several available reports and exit

                            default report="fields"

                            use "-G ?" for more help

 tshark.exe -F

 tshark.exe: option requires an argument -- 'F'

 tshark: The available capture file types for the "-F" flag are:

     5views - InfoVista 5View capture

     btsnoop - Symbian OS btsnoop

     commview - TamoSoft CommView

     dct2000 - Catapult DCT2000 trace (.out format)

     erf - Endace ERF capture

     eyesdn - EyeSDN USB S0/E1 ISDN trace format

     k12text - K12 text file

     lanalyzer - Novell LANalyzer

     logcat - Android Logcat Binary format

     logcat-brief - Android Logcat Brief text format

     logcat-long - Android Logcat Long text format

     logcat-process - Android Logcat Process text format

     logcat-tag - Android Logcat Tag text format

     logcat-thread - Android Logcat Thread text format

     logcat-threadtime - Android Logcat Threadtime text format

     logcat-time - Android Logcat Time text format

     modpcap - Modified tcpdump - pcap

     netmon1 - Microsoft NetMon .x

     netmon2 - Microsoft NetMon .x

     nettl - HP-UX nettl trace

     ngsniffer - Sniffer (DOS)

     ngwsniffer_1_1 - NetXray, Sniffer (Windows) 1.1

     ngwsniffer_2_0 - Sniffer (Windows) .00x

     niobserver - Network Instruments Observer

     nokiapcap - Nokia tcpdump - pcap

     nsecpcap - Wireshark/tcpdump/... - nanosecond pcap

     nstrace10 - NetScaler Trace (Version 1.0)

     nstrace20 - NetScaler Trace (Version 2.0)

     nstrace30 - NetScaler Trace (Version 3.0)

     nstrace35 - NetScaler Trace (Version 3.5)

     pcap - Wireshark/tcpdump/... - pcap

     pcapng - Wireshark/... - pcapng

     rf5 - Tektronix K12xx -bit .rf5 format

     rh6_1pcap - RedHat 6.1 tcpdump - pcap

     snoop - Sun snoop

     suse6_3pcap - SuSE 6.3 tcpdump - pcap

     visual - Visual Networks traffic capture

 tshark -i4 -c  -f "tcp" -F pcap -w c:\test.pcap

 tshark -i4 -a duration: -f "tcp" -F pcap -w e:\test.pcap

tshark使用说明的更多相关文章

  1. tshark 使用说明

    yum install -y wireshark 最近才发现,原来wireshark也提供有Linux命令行工具-tshark.tshark不仅有抓包的功能,还带了解析各种协议的能力.下面我们以两个实 ...

  2. Atitit.项目修改补丁打包工具 使用说明

    Atitit.项目修改补丁打包工具 使用说明 1.1. 打包工具已经在群里面.打包工具.bat1 1.2. 使用方法:放在项目主目录下,执行即可1 1.3. 打包工具的原理以及要打包的项目列表1 1. ...

  3. awk使用说明

    原文地址:http://www.cnblogs.com/verrion/p/awk_usage.html Awk使用说明 运维必须掌握的三剑客工具:grep(文件内容过滤器),sed(数据流处理器), ...

  4. “我爱背单词”beta版发布与使用说明

    我爱背单词BETA版本发布 第二轮迭代终于画上圆满句号,我们的“我爱背单词”beta版本已经发布. Beta版本说明 项目名称 我爱背单词 版本 Beta版 团队名称 北京航空航天大学计算机学院  拒 ...

  5. Oracle 中 union 和union all 的简单使用说明

    1.刚刚工作不久,经常接触oracle,但是对oracle很多东西都不是很熟.今天我们来了解一下union和union all的简单使用说明.Union(union all): 指令的目的是将两个 S ...

  6. Map工具系列-02-数据迁移工具使用说明

    所有cs端工具集成了一个工具面板 -打开(IE) Map工具系列-01-Map代码生成工具说明 Map工具系列-02-数据迁移工具使用说明 Map工具系列-03-代码生成BySQl工具使用说明 Map ...

  7. Map工具系列-03-代码生成BySQl工具使用说明

    所有cs端工具集成了一个工具面板 -打开(IE) Map工具系列-01-Map代码生成工具说明 Map工具系列-02-数据迁移工具使用说明 Map工具系列-03-代码生成BySQl工具使用说明 Map ...

  8. jQuery验证控件jquery.validate.js使用说明

    官网地址:http://bassistance.de/jquery-plugins/jquery-plugin-validation jQuery plugin: Validation 使用说明 转载 ...

  9. gdbsever 使用说明

    gdbsever 使用说明 在新塘N3292x平台下 编译 gdbsever ./configure --target=arm-linux --host=arm-linux arm-linux-gdb ...

随机推荐

  1. Java获取当前类名的两种方法

    适用于非静态方法:this.getClass().getName() 适用于静态方法:Thread.currentThread().getStackTrace()[1].getClassName() ...

  2. JS --- 三目运算符

    1.什么是三目运算:(布尔表达式 ? 值0:值1;) 5>3?alert('5大'):alert('3大'); 即    if(5>3){alert('5大')}else{alert('3 ...

  3. 西部世界第二季全集高清百度云在线观看BT种子迅雷下载

    原名:Westworld地区:美国语言:英语首播:2018-04-23 周一制作公司:HBO类型:科幻/惊悚/悬疑/西部别名:西方极乐园编剧:乔纳森·诺兰 / 丽莎·乔·诺兰导演:乔纳森·诺兰主演:埃 ...

  4. fabric-ca-client

    fabric-ca-client enroll -u http://admin:adminpw@localhost:7054 /root/.fabric-ca-client:总用量 12-rwxr-x ...

  5. 使用DDMS中的内存监测工具Heap来优化内存

    最近在做一个照片墙的应用,涉及到很多知识,其中难点在于如何应对数量庞大的图片,这就涉及到内存管理的知识了.今天介绍的工具是DDMS中自带的Heap,它可以显示出当前引用占用的内存,剩余的内存等信息.下 ...

  6. MVC的Ajax异步请求

    @using (Ajax.BeginForm("GetTime","order",new AjaxOptions() { Confirm="你确认这么 ...

  7. 基于DPI(深度报文解析)的应用识别

    一.概述 1.DPI(Deep packet inspection,深度报文解析) 所谓“深度”是和普通的报文分析层次相比较而言的,“普通报文检测”仅分析IP包4 层以下的内容,包括源地址.目的地址. ...

  8. 【转】Mysql行转换为列

    From : http://www.cnblogs.com/lhj588/archive/2012/06/15/2550392.html# 今晚需要统计数据生成简易报表,由原表格数据是单行的形式,最好 ...

  9. 获取机器的基本参数cat /proc/stat

    获取机器的基本参数cat /proc/stat Note : This guide is applicable to Linux kernels 2.6.14 and above, which add ...

  10. Chapter 1 -- UsingAndAvoidingNull

    "Null sucks." -Doug Lea "Null 很恶心!" "I call it my billion-dollar mistake.&q ...