
Wireshark's Additional Features

applicationlayer 2009. 10. 1. 10:19

Useful Wireshark programs

 

tshark - Dump and analyze network traffic
tshark.exe -i <interface number> -w <filename>

 

mergecap - Merges two or more cap files.
mergecap.exe -w 3.cap 1.cap 2.cap

 

capinfos - Prints information about a cap file

capinfos.exe 1.cap

 

dumpcap - Dump network traffic

dumpcap.exe -i <interface number> -w <filename>


editcap - Edit and/or translate the format of capture files
==============================================================================================

To shrink the capture file by truncating the packets at 64 bytes and writing it as Sun snoop file use:

    editcap -s 64 -F snoop capture.pcap shortcapture.snoop

To delete packet 1000 from the capture file use:

    editcap capture.pcap sans1000.pcap 1000

To limit a capture file to packets from number 200 to 750 (inclusive) use:

    editcap -r capture.pcap small.pcap 200-750

To get all packets from number 1-500 (inclusive) use:

    editcap -r capture.pcap first500.pcap 1-500

or

    editcap capture.pcap first500.pcap 501-9999999

To exclude packets 1, 5, 10 to 20 and 30 to 40 from the new file use:

    editcap capture.pcap exclude.pcap 1 5 10-20 30-40

To select just packets 1, 5, 10 to 20 and 30 to 40 for the new file use:

    editcap -r capture.pcap select.pcap 1 5 10-20 30-40

To remove duplicate packets seen within the prior four frames use:

    editcap -d capture.pcap dedup.pcap

To remove duplicate packets seen within the prior 100 frames use:

    editcap -D 101 capture.pcap dedup.pcap

To remove duplicate packets seen equal to or less than 1/10th of a second:

    editcap -w 0.1 capture.pcap dedup.pcap

To display the MD5 hash for all of the packets (and NOT generate any real output file):

    editcap -v -D 0 capture.pcap /dev/null

or on Windows systems

    editcap -v -D 0 capture.pcap NUL

To introduce 5% random errors in a capture file use:

    editcap -E 0.05 capture.pcap capture_error.pcap

================================================================================================
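The frame-window duplicate removal behind `-d` and `-D` above, modelled as an added example (not code from the original post or from Wireshark): each frame's length and MD5 hash are compared against a sliding window of prior frames. The function names and the sample capture are assumptions constructed for illustration, and only the classic little-endian pcap format is handled.

```python
import hashlib
import struct
from collections import deque

def build_pcap(payloads):
    """Build a classic little-endian pcap (linktype 1) from raw frame bytes."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, data in enumerate(payloads):
        out += struct.pack("<IIII", i, 0, len(data), len(data)) + data
    return out

def read_pcap(blob):
    """Yield (frame_number, data) for each record of a classic pcap."""
    if struct.unpack_from("<I", blob, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    offset, frame = 24, 0
    while offset + 16 <= len(blob):
        incl_len = struct.unpack_from("<IIII", blob, offset)[2]
        data = blob[offset + 16:offset + 16 + incl_len]
        if len(data) < incl_len:
            raise ValueError("truncated record")
        offset += 16 + incl_len
        frame += 1
        yield frame, data

def dedup(blob, window=5):
    """Return (kept, dropped) frame numbers.

    window=5 models -d (compare with the prior 4 frames); window=0
    compares against no prior frames, so nothing is dropped.
    """
    recent = deque(maxlen=max(window - 1, 0))  # fingerprints of prior frames
    kept, dropped = [], []
    for frame, data in read_pcap(blob):
        key = (len(data), hashlib.md5(data).hexdigest())  # length + MD5
        (dropped if key in recent else kept).append(frame)
        recent.append(key)  # dropped frames also stay in the window
    return kept, dropped

# Constructed sample: frame 3 repeats frame 1 nearby, frame 8 repeats it later.
SAMPLE = build_pcap([b"A" * 60, b"B" * 60, b"A" * 60, b"C" * 60,
                     b"D" * 60, b"E" * 60, b"F" * 60, b"A" * 60])

if __name__ == "__main__":
    print(dedup(SAMPLE))              # default window, like -d
    print(dedup(SAMPLE, window=101))  # wider window, like -D 101
```

With the default window only frame 3 is dropped; frame 8 survives because its earlier copy has already left the window, which is why a wider `-D` value matters for captures with delayed retransmissions or mirrored traffic.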

 

To be continued...