$ urpmq -i wireshark
Name : wireshark
Version : 1.4.11
Release : 1.mga1
Group : Monitoring
Size : 21157147
Architecture: x86_64
Source RPM : wireshark-1.4.11-1.mga1.src.rpm
URL : http://www.wireshark.org
Summary : Network traffic analyzer
Description :
Wireshark is a network traffic analyzer for Unix-ish operating systems. It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library.
Save a capture in root-mode as wiresharktest and parse it in non-root mode.

$ wireshark -n wiresharktest
$ tshark -nr wiresharktest

Tested a few of the tools from wireshark-tools:

$ editcap -r wiresharktest wiresharktest50 1-50
Add_Selected: 1-50
Inclusive ... 1, 50

$ mergecap -v -w wiresharkmerged wiresharktest wiresharktest50
mergecap: wiresharktest is type Wireshark/tcpdump/... - libpcap.
mergecap: wiresharktest50 is type Wireshark/tcpdump/... - libpcap.
mergecap: selected frame_type Ethernet (ether)
Record: 1
Record: 2
etc.

$ randpkt -v -b 500 -t dns wireshark_dns.pcap
$ wireshark wireshark_dns.pcap

$ dftest ip
Filter: "ip"
dfilter ptr = 0x031faee0
00000 CHECK_EXISTS ip
00001 RETURN

$ capinfos wiresharktest50
File name: wiresharktest50
File type: Wireshark/tcpdump/... - libpcap
File encapsulation: Ethernet
Packet size limit: file hdr: 65535 bytes
Number of packets: 50
File size: 7404 bytes
Data size: 6580 bytes
etc.
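Added example (not part of the original wiki page): a minimal reader for the classic libpcap format that recomputes the packet count, file size and data size shown in the capinfos output above, without needing root or the Wireshark tools. The function names and the zero-filled sample frames are constructed for illustration; pcapng files are not handled.

```python
import io
import struct

# Classic libpcap magic (as stored on disk) -> struct byte-order prefix.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}
LINKTYPES = {1: "Ethernet"}  # only the link type that appears on this page


def pcap_summary(stream):
    """Walk a classic libpcap stream and return capinfos-style counters."""
    header = stream.read(24)
    if len(header) != 24 or header[:4] not in MAGICS:
        raise ValueError("not a classic libpcap file")
    order = MAGICS[header[:4]]
    snaplen, linktype = struct.unpack(order + "II", header[16:24])
    packets = data_size = 0
    file_size = 24  # global file header
    while True:
        rec = stream.read(16)  # per-packet record header
        if not rec:
            break
        if len(rec) != 16:
            raise ValueError("truncated record header")
        incl_len = struct.unpack(order + "I", rec[8:12])[0]
        if incl_len > snaplen:  # strict: refuse lengths beyond the declared limit
            raise ValueError("record longer than snaplen")
        if len(stream.read(incl_len)) != incl_len:
            raise ValueError("truncated packet data")
        packets += 1
        data_size += incl_len
        file_size += 16 + incl_len
    return {"encapsulation": LINKTYPES.get(linktype, str(linktype)),
            "snaplen": snaplen, "packets": packets,
            "file_size": file_size, "data_size": data_size}


def build_sample(lengths, snaplen=65535, linktype=1):
    """Constructed sample: zero-filled frames, not a real capture."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)
    for n in lengths:
        out += struct.pack("<IIII", 0, 0, n, n) + bytes(n)
    return out


if __name__ == "__main__":
    # 50 constructed frames totalling 6580 bytes, as in the capinfos output above.
    sample = build_sample([132] * 30 + [131] * 20)
    print(pcap_summary(io.BytesIO(sample)))
```

For the 50-packet file above, 24 bytes of file header plus 50 × 16 bytes of record headers plus 6580 bytes of data gives 7404 bytes, which matches the reported file size.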