I want to use tshark to find the destination or source IPs that are not mine. For this, I use the following (ip-ifconfig gives my IP from ifconfig):
# tshark -T fields -e ip.addr -E aggregator=" " | sed "s/$(ip-ifconfig)//"
tshark: Lua: Error during loading:
[string "/usr/share/wireshark/init.lua"]:44: dofile has been disabled due to running Wireshark as superuser. See https://wiki.wireshark.org/CaptureSetup/CapturePrivileges for help in running Wireshark as an unprivileged user.
Capturing on 'wlp3s0'
**5500**
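I get the number of captured packets. I want the IPs.
I probably have to use awk to manipulate the output. The output of this command without the pipe to sed is a list of IPs.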
Best answer
I was looking for tshark -l.
-l Flush the standard output after the information for each packet is printed. (This is not, strictly speaking, line-buffered if -V was specified; however, it is the same as line-
buffered if -V wasn't specified, as only one line is printed for each packet, and, as -l is normally used when piping a live capture to a program or script, so that output for a
packet shows up as soon as the packet is seen and dissected, it should work just as well as true line-buffering. We do this as a workaround for a deficiency in the Microsoft
Visual C++ C library.)
This may be useful when piping the output of TShark to another program, as it means that the program to which the output is piped will see the dissected data for a packet as soon
as TShark sees the packet and generates that output, rather than seeing it only when the standard output buffer containing that data fills up.
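
The pipeline this answer points to, as an added example that is not part of the original post: tshark runs with -l so each packet's line reaches the pipe immediately, and an awk filter prints every address that is not the local one the first time it appears. The function names, the address 192.0.2.10 standing in for the output of the asker's ip-ifconfig helper, and the sample lines are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example: filter tshark field output down to remote peer addresses.

# remote_peers MY_IP
# Reads one packet per line on stdin, with addresses separated by spaces,
# tabs or commas (the shapes "-T fields -e ip.addr" can produce), and prints
# each address other than MY_IP once.
remote_peers() {
    awk -v me="$1" -F '[ \t,]+' '
        {
            for (i = 1; i <= NF; i++) {
                if ($i == "" || $i == me) continue  # skip blanks and our own address
                if (!seen[$i]++) {                   # report each peer only once
                    print $i
                    fflush()                         # keep output prompt if piped further
                }
            }
        }'
}

# Live use (interface and tshark options taken from the question; the
# address is a placeholder for the local IP):
#   tshark -l -i wlp3s0 -T fields -e ip.addr -E aggregator=" " | remote_peers 192.0.2.10

# Constructed sample lines in the same shape, so the filter can be run offline.
sample_lines() {
    printf '%s\n' \
        '192.0.2.10 198.51.100.7' \
        '198.51.100.7 192.0.2.10' \
        '' \
        '192.0.2.10 203.0.113.5' \
        '203.0.113.9,192.0.2.10'
}

demo() {
    sample_lines | remote_peers 192.0.2.10
}

demo
```

Without -l, tshark fills its standard output buffer before the filter sees anything, which is why the original command showed only the packet counter during a live capture.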
About awk - how to add a pipe after the tshark feature (tshark pipe): we found a similar question on Stack Overflow: https://stackoverflow.com/questions/39900145/