I am currently outputting the ASCII payload of packets filtered by tshark:
tshark -i ens224 -l -T fields -e data host 192.168.1.123 and dst port 3423 | xargs -n1 -I{} echo "{}0d0a" | xxd -r -p -
Here xxd is used to convert the hex data in the data field to ASCII.
tshark
    -i          interface name
    -f          host filter for local broadcast
    -l          flush stdout after each packet (Important)
    -T fields   output fields specified by -e
    -e data     tshark will only output undissected data in packets
xargs
    -n1         trigger on one received cmd line arg
    -i{}        use {} for substitution in echo command
    "{}0d0a"    add crlf to hex string data from packet to flush stdout in xxd
    echo        use echo to aggregate hex data with crlf and pipe to xxd
xxd
    -r          reverse hex to ascii
    -p          plain text output
    -           take input from stdin
The output looks like:
1 Data in packet
7 data in another packet
I would like to prepend it with the capture time.
1 15:20:32 Data in packet
7 15:23:01 data in another packet
How can I do this?
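
One way to get a timestamp on each payload line, as an added example that is not part of the original post: ask tshark for `frame.time_epoch` alongside `data`, then decode each line in the shell, which removes the need for xargs, xxd and the CRLF flush trick. The function names and sample lines are constructed for illustration; it assumes a `date` that accepts `-d @epoch` (GNU or BusyBox), puts the time at the start of the line, and treats the leading "1" / "7" as part of the payload.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not from the original post).
# Intended use, with the capture options from the question:
#   tshark -i ens224 -l -T fields -e frame.time_epoch -e data \
#       host 192.168.1.123 and dst port 3423 | stamp_payloads

# Decode a hex string to text; bytes outside printable ASCII become '.'
# so control characters in a payload never reach the terminal.
hex_to_text() {
    hex=$1
    out=
    while [ "${#hex}" -ge 2 ]; do
        byte=${hex%"${hex#??}"}          # first two hex digits
        hex=${hex#??}                    # remainder
        n=$((0x$byte))
        if [ "$n" -ge 32 ] && [ "$n" -le 126 ]; then
            out=$out$(printf "\\$(printf '%03o' "$n")")
        else
            out=$out.
        fi
    done
    printf '%s\n' "$out"
}

# Read "epoch<TAB>hex" lines and print "HH:MM:SS payload" (local time zone).
stamp_payloads() {
    tab=$(printf '\t')
    while IFS=$tab read -r epoch hex; do
        [ -n "$hex" ] || continue                      # no undissected data
        case $hex in *[!0-9A-Fa-f]*) continue ;; esac  # skip non-hex lines
        ts=$(date -d "@${epoch%%.*}" +%H:%M:%S)        # drop fractional part
        printf '%s %s\n' "$ts" "$(hex_to_text "$hex")"
    done
}

# Constructed sample input standing in for live tshark output.
sample_lines() {
    printf '1704122432.123456789\t31204461746120696e207061636b6574\n'
    printf '1704122581.000000001\t37206461746120696e20616e6f74686572207061636b65740d0a\n'
}

sample_lines | stamp_payloads
```

Because each line is decoded and printed as soon as `read` receives it, tshark's `-l` is the only flushing the pipeline needs.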