过滤包含 MAC 地址子字符串的 pcaps
Filter pcaps containing a MAC address substring
脚本 (macOS) 是这样调用的:
./Sharksort <all or part of wlan.addr> file-name
example: ./Sharkesort 42:80 Store-1-pass1.pcapng
输出应该是所有流量 to/from 客户端在其硬件地址中包含 42:80。
for stream in tshark -r -Y "wlan.addr contains ";
do
tshark -r -w client-.pcapng;
done
我得到以下信息:
tshark: An error occurred while writing to the file "client-42:80.pcapng": Internal error.
tshark: An error occurred while writing to the file "client-42:80.pcapng": Internal error.
tshark: An error occurred while writing to the file "client-42:80.pcapng": Internal error.
输出文件只包含第一个数据包。
感谢您的帮助。
为什么 for 循环?为什么不这样做呢?
tshark -r -Y "wlan.addr contains " -w client-.pcapng
-w选项之前的-F选项是关键
脚本 (macOS) 是这样调用的:
./Sharksort <all or part of wlan.addr> file-name
example: ./Sharkesort 42:80 Store-1-pass1.pcapng
输出应该是所有流量 to/from 客户端在其硬件地址中包含 42:80。
for stream in tshark -r -Y "wlan.addr contains ";
do
tshark -r -w client-.pcapng;
done
我得到以下信息:
tshark: An error occurred while writing to the file "client-42:80.pcapng": Internal error.
tshark: An error occurred while writing to the file "client-42:80.pcapng": Internal error.
tshark: An error occurred while writing to the file "client-42:80.pcapng": Internal error.
输出文件只包含第一个数据包。 感谢您的帮助。
为什么 for 循环?为什么不这样做呢?
tshark -r -Y "wlan.addr contains " -w client-.pcapng
-w选项之前的-F选项是关键