(wireshark)dumpcapandmergecp详细介绍剖析.pptx

Wireshark自带小工具dumpcap And mergecap功能及使用方法介绍;Dumpcap介绍;简单介绍dumpcap的使用方法：;示例1：利用dumpcap抓取网卡Intel(R) 82567LM-3 Gigabit Network Connection 上的封包并保存到E:\test目录下 包名称为1.cap;示例1里面的关于网卡接口的问题，还有更方便的方法，如下图： -D 打印目前机器上的网卡信息的每块网卡会打印出序号和接口名，抓包的时候直接输入网卡的序号就可以了，这样就不用输入 一长串接口名。 ;示例2：利用dumpcap抓取网卡Intel(R) 82567LM-3 Gigabit Network Connection 上的封包并保存到E:\test目录下 包名称为2.cap ，每隔100M切档;示例3：利用dumpcap抓取网卡Intel(R) 82567LM-3 Gigabit Network Connection 上网段的封包并保存到E:\test目录下命名为sef.cap;Dumpcap参数列表;抓包过滤规则简单介绍此工具抓包的过滤规则跟wireshrak是相同的，下面列举一些规则，可以自己搭配dumpcap练习操作;Dumpcap更多知识参考连接： /docs/mans/dumpcap.html /docs/wsug_html_chunked/AppToolsdumpcap.html /blog/2011/mar/9/long-term-traffic-capture-wireshark/ /KnownBugs/OutOfMemory;Mergecap介绍;合并封包工具mergecap的使用方法;示例1：将文件存在于E:\test目录下的sop009.cap 跟sop010合并成一个文件并命名为2.cap;The following is an example of using mergecap to merge four capture files (capture1, capture2,capture3, and capture4) into a single output file called merge_file regardless of packet timestamp,it will write all of the packets of capture1, followed by capture 2, and so on:; -a Causes the frame timestamps to be ignored, writing all packets from the first input file followed by all packets from the second input file. By default, when -a is not specified, the contents of the input files are merged in chronological order based on each frames timestamp.Note: when merging, mergecap assumes that packets within a capture file are already in chronological order. -F file format Sets the file format of the output capture file. Mergecap can write the file in several formats; mergecap -F provides a list of the available output formats. The default is to use the file format of the first input file. -h Prints the version and options and exits. -v Causes mergecap to print a number of messages while its working. -w outfile|- Sets the output filename. If the name is -, stdout will be used. This setting is mandatory. ;参考连接： /wireshark/1.0.0/user-guide/AppToolsmergecap.html /book/networking/network-monitoring/1932