tshark is the command-line form of the well-known packet capture and analysis tool Wireshark: in addition to the interactive graphical interface, Wireshark ships with tshark, which offers the same capture and dissection functionality from the terminal.
Linux installation command:
sudo apt-get install tshark
Running tshark in a terminal with no parameters starts capturing immediately and prints the packets one by one as they arrive; Ctrl+C ends the capture.
Using tshark to capture network traffic
tshark -w ~/Desktop/test.pcap -c 10
The command above captures packets from the network: the first 10 packets are captured and stored in a file named test.pcap under the /home/mumu/Desktop path, using the first network interface by default (run tshark -D to list all available network interfaces).
The packet information written to the output can be controlled with parameters that select particular fields. For example, to extract the frame number, the frame's relative time, the source IP address, the destination IP address, the packet's protocol stack and the frame length from previously captured network traffic, type the command:
tshark -r login.tcpdump -T fields -e frame.number -e frame.time_relative -e ip.src -e ip.dst -e frame.protocols -e frame.len -E header=y -E quote=n -E occurrence=f
-E header=y tells tshark to print a header line with the field names; -E quote=n specifies that the data is not wrapped in quotes; and -E occurrence=f tells tshark to use only the first occurrence when a field occurs several times in one packet.
Output:
frame.number frame.time_relative ip.src frame.protocols frame.len
1 0.000000000 192.168.0.106 eth:ethertype:ip:tcp 74
2 4.600294664 192.168.0.1 eth:ethertype:ip:udp:data 147
3 4.600846088 192.168.0.1 eth:ethertype:ip:udp:ssdp 303
4 4.601003537 192.168.0.1 eth:ethertype:ip:udp:ssdp 312
5 4.601231011 192.168.0.1 eth:ethertype:ip:udp:ssdp 375
6 4.601380060 192.168.0.1 eth:ethertype:ip:udp:ssdp 312
7 4.601607844 192.168.0.1 eth:ethertype:ip:udp:ssdp 351
8 4.601773182 192.168.0.1 eth:ethertype:ip:udp:ssdp 312
9 4.601954529 192.168.0.1 eth:ethertype:ip:udp:ssdp 371
10 4.602168547 192.168.0.1 eth:ethertype:ip:udp:ssdp 367
The following code reads the stored packet information and checks whether each IP address is valid; save it in a file named checkIP.py:
import socket
import sys

def valid_ip(address):
    try:
        # Convert the dotted-decimal string to its 4-byte binary form;
        # inet_aton raises OSError if the string is not an IPv4 address.
        # Note: inet_aton is lenient and also accepts short forms such as "127.1".
        socket.inet_aton(address)
        return True
    except OSError:
        return False

total = 0
valid = 0
invalid = 0
for line in sys.stdin:
    total = total + 1
    line = line.rstrip('\n')
    # Frames without an IP layer (e.g. ARP) produce an empty field, which is counted as invalid
    if valid_ip(line):
        valid = valid + 1
    else:
        invalid = invalid + 1

# Show the total number of IP addresses checked
print("Total number of IPs checked:", total)
print("Valid IPs found:", valid)
print("Invalid IPs found:", invalid)
Type the command in the terminal:
tshark -r ~/networkData.pcap -T fields -e ip.src | python checkIP.py
The end result shows:
Total number of IPs checked: 10
Valid IPs found: 8
Invalid IPs found: 2
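A stricter variant of the check above, added here as an example that is not part of the original post: it parses tshark's tab-separated -E header=y output for both ip.src and ip.dst, counts empty fields (non-IP frames such as ARP) separately from malformed values, and uses the ipaddress module, which rejects shorthand like 127.1 that inet_aton accepts. The SAMPLE text is constructed to look like tshark output.

```python
import ipaddress
import sys
from collections import Counter

# Constructed sample of `tshark -T fields -E header=y -e frame.number -e ip.src -e ip.dst`
# output (tab-separated by default). Frame 3 is a non-IP frame, so its IP fields are
# empty; frame 5 carries a malformed source value.
SAMPLE = "\n".join([
    "frame.number\tip.src\tip.dst",
    "1\t192.168.0.106\t93.184.216.34",
    "2\t192.168.0.1\t239.255.255.250",
    "3\t\t",
    "4\t10.0.0.5\t192.168.0.106",
    "5\t999.1.1.1\t192.168.0.1",
])


def classify(value):
    """Return 'empty', 'invalid' or 'valid' for one field value.
    ipaddress.ip_address is strict: '127.1' or '999.1.1.1' raise ValueError."""
    if value == "":
        return "empty"
    try:
        ipaddress.ip_address(value)
        return "valid"
    except ValueError:
        return "invalid"


def check_fields(text, columns=("ip.src", "ip.dst")):
    """Parse header=y tshark field output; count valid/invalid/empty values per column
    and, for valid addresses, how many are multicast, private (RFC 1918 etc.) or other."""
    lines = text.splitlines()
    header = lines[0].split("\t")
    idx = {name: header.index(name) for name in columns}
    counts = {name: Counter() for name in columns}
    scope = Counter()
    for line in lines[1:]:
        fields = line.split("\t")
        for name in columns:
            value = fields[idx[name]] if idx[name] < len(fields) else ""
            kind = classify(value)
            counts[name][kind] += 1
            if kind == "valid":
                addr = ipaddress.ip_address(value)
                scope["multicast" if addr.is_multicast else "private" if addr.is_private else "other"] += 1
    return counts, scope


if __name__ == "__main__":
    # Usage: tshark -r file.pcap -T fields -E header=y -e ip.src -e ip.dst | python thisfile.py
    print(check_fields(sys.stdin.read() if not sys.stdin.isatty() else SAMPLE))
```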