tshark -h
TShark (Wireshark) 2.4.1 (v2.4.1--gf42a0d2b6c)
Dump and analyze network traffic.
See https://www.wireshark.org for more information.
Usage: tshark [options] ...
Capture interface:
-i <interface> name or idx of interface (def: first non-loopback)
-f <capture filter> packet filter in libpcap filter syntax
-s <snaplen> packet snapshot length (def: appropriate maximum)
-p don't capture in promiscuous mode
-I capture in monitor mode, if available
-B <buffer size> size of kernel buffer (def: 2MB)
-y <link type> link layer type (def: first appropriate)
-D print list of interfaces and exit
-L print list of link-layer types of iface and exit
Capture stop conditions:
-c <packet count> stop after n packets (def: infinite)
-a <autostop cond.> ... duration:NUM - stop after NUM seconds
filesize:NUM - stop this file after NUM KB
files:NUM - stop after NUM files
Capture output:
-b <ringbuffer opt.> ... duration:NUM - switch to next file after NUM secs
filesize:NUM - switch to next file after NUM KB
files:NUM - ringbuffer: replace after NUM files
RPCAP options:
-A <user>:<password> use RPCAP password authentication
Input file:
-r <infile> set the filename to read from (- to read from stdin)
Processing:
-2 perform a two-pass analysis
-M <packet count> perform session auto reset
-R <read filter> packet Read filter in Wireshark display filter syntax (requires -2)
-Y <display filter> packet displaY filter in Wireshark display filter
syntax
-n disable all name resolutions (def: all enabled)
-N <name resolve flags> enable specific name resolution(s): "mnNtCd"
-d <layer_type>==<selector>,<decode_as_protocol> ...
"Decode As", see the man page for details
Example: tcp.port==8888,http
-H <hosts file> read a list of entries from a hosts file, which will
then be written to a capture file. (Implies -W n)
--enable-protocol <proto_name>
enable dissection of proto_name
--disable-protocol <proto_name>
disable dissection of proto_name
--enable-heuristic <short_name>
enable dissection of heuristic protocol
--disable-heuristic <short_name>
disable dissection of heuristic protocol
Output:
-w <outfile|-> write packets to a pcap-format file named "outfile"
(or to the standard output for "-")
-C <config profile> start with specified configuration profile
-F <output file type> set the output file type, default is pcapng
an empty "-F" option will list the file types
-V add output of packet tree (Packet Details)
-O <protocols> Only show packet details of these protocols, comma
separated
-P print packet summary even when writing to a file
-S <separator> the line separator to print between packets
-x add output of hex and ASCII dump (Packet Bytes)
-T pdml|ps|psml|json|jsonraw|ek|tabs|text|fields|?
format of text output (def: text)
-j <protocolfilter> protocols layers filter if -T ek|pdml|json selected
(e.g. "ip ip.flags text", filter does not expand child
nodes, unless child is specified also in the filter)
-J <protocolfilter> top level protocol filter if -T ek|pdml|json selected
(e.g. "http tcp", filter which expands all child nodes)
-e <field> field to print if -Tfields selected (e.g. tcp.port,
_ws.col.Info)
this option can be repeated to print multiple fields
-E<fieldsoption>=<value> set options for output when -Tfields selected:
bom=y|n print a UTF-8 BOM
header=y|n switch headers on and off
separator=/t|/s|<char> select tab, space, printable character as separator
occurrence=f|l|a print first, last or all occurrences of each field
aggregator=,|/s|<char> select comma, space, printable character as
aggregator
quote=d|s|n select double, single, no quotes for values
-t a|ad|d|dd|e|r|u|ud|? output format of time stamps (def: r: rel. to first)
-u s|hms output format of seconds (def: s: seconds)
-l flush standard output after each packet
-q be more quiet on stdout (e.g. when using statistics)
-Q only log true errors to stderr (quieter than -q)
-g enable group read access on the output file(s)
-W n Save extra information in the file, if supported.
n = write network address resolution information
-X <key>:<value> eXtension options, see the man page for details
-U tap_name PDUs export mode, see the man page for details
-z <statistics> various statistics, see the man page for details
--capture-comment <comment>
add a capture comment to the newly created
output file (only for pcapng)
--export-objects <protocol>,<destdir> save exported objects for a protocol to
a directory named "destdir"
Miscellaneous:
-h display this help and exit
-v display version info and exit
-o <name>:<value> ... override preference setting
-K <keytab> keytab file to use for kerberos decryption
-G [report] dump one of several available reports and exit
default report="fields"
use "-G ?" for more help

 tshark.exe -F
tshark.exe: option requires an argument -- 'F'
tshark: The available capture file types for the "-F" flag are:
5views - InfoVista 5View capture
btsnoop - Symbian OS btsnoop
commview - TamoSoft CommView
dct2000 - Catapult DCT2000 trace (.out format)
erf - Endace ERF capture
eyesdn - EyeSDN USB S0/E1 ISDN trace format
k12text - K12 text file
lanalyzer - Novell LANalyzer
logcat - Android Logcat Binary format
logcat-brief - Android Logcat Brief text format
logcat-long - Android Logcat Long text format
logcat-process - Android Logcat Process text format
logcat-tag - Android Logcat Tag text format
logcat-thread - Android Logcat Thread text format
logcat-threadtime - Android Logcat Threadtime text format
logcat-time - Android Logcat Time text format
modpcap - Modified tcpdump - pcap
netmon1 - Microsoft NetMon 1.x
netmon2 - Microsoft NetMon 2.x
nettl - HP-UX nettl trace
ngsniffer - Sniffer (DOS)
ngwsniffer_1_1 - NetXray, Sniffer (Windows) 1.1
ngwsniffer_2_0 - Sniffer (Windows) 2.00x
niobserver - Network Instruments Observer
nokiapcap - Nokia tcpdump - pcap
nsecpcap - Wireshark/tcpdump/... - nanosecond pcap
nstrace10 - NetScaler Trace (Version 1.0)
nstrace20 - NetScaler Trace (Version 2.0)
nstrace30 - NetScaler Trace (Version 3.0)
nstrace35 - NetScaler Trace (Version 3.5)
pcap - Wireshark/tcpdump/... - pcap
pcapng - Wireshark/... - pcapng
rf5 - Tektronix K12xx 32-bit .rf5 format
rh6_1pcap - RedHat 6.1 tcpdump - pcap
snoop - Sun snoop
suse6_3pcap - SuSE 6.3 tcpdump - pcap
visual - Visual Networks traffic capture

 tshark -i4 -c  -f "tcp" -F pcap -w c:\test.pcap
tshark -i4 -a duration: -f "tcp" -F pcap -w e:\test.pcap
