-
[tshark] a network protocol analyzerSecurity in CPS/Networking 2020. 2. 25. 14:36
https://www.wireshark.org/docs/man-pages/tshark.html
tshark - The Wireshark Network Analyzer 3.2.1
Set capture buffer size (in MiB, default is 2 MiB). This is used by the capture driver to buffer packet data until that data can be written to disk. If you encounter packet drops while capturing, try to increase this size. Note that, while Tshark attempts
www.wireshark.org
tshark 은 tcpdump와 실시간 네트워크 모니터링을 하거나 동일한 포맷(pcap) 파일로 저장할 수 있는 도구 입니다.
그리고 Wireshark 과 캡쳐된 패킷 데이터(pcap) 파일을 필터를 통해 분석할 수 있는 다양한 기능들을 제공합니다.
$ tshark -r file.pcap -q -z io,stat,1,\ "COUNT(tcp.analysis.retransmission) tcp.analysis.retransmission",\ "COUNT(tcp.analysis.duplicate_ack)tcp.analysis.duplicate_ack",\ "COUNT(tcp.analysis.lost_segment) tcp.analysis.lost_segment",\ "COUNT(tcp.analysis.fast_retransmission) tcp.analysis.fast_retransmission"
'Security in CPS > Networking' 카테고리의 다른 글
[dig] How to calculate the query time (0) 2020.05.18 [wireshark] 필터 적용 (0) 2020.02.27 HTTP Benchmarking Tools (0) 2019.11.08 ARP Cache (0) 2019.10.18 [Problem] No SYN,ACK in TCP 3-ways handshake (0) 2019.10.15