我已经构建了使用命令行
开始捕获的.Net应用程序 private void startCapturing(string path)
{
string args = string.Format("-i 1 -s 65535 -w {0}", Path.Combine(@"D:\Downloads", path));
}
protected void invokeProcess(WiresharkProcesses process, string args)
{
try
{
string processToInvoke = null;
validateProcess(process);
switch (process)
{
case WiresharkProcesses.Capinfo:
processToInvoke = Path.Combine(getbBasePath, "capinfos.exe");
break;
case WiresharkProcesses.Editcap:
processToInvoke = Path.Combine(getbBasePath, "editcap.exe");
break;
case WiresharkProcesses.Tshark:
processToInvoke = Path.Combine(getbBasePath, "tshark.exe");
break;
case WiresharkProcesses.Wireshark:
processToInvoke = Path.Combine(getbBasePath, "wireshark.exe");
break;
}
ProcessStartInfo processStartInfo = new ProcessStartInfo(processToInvoke);
processStartInfo.Arguments = args;
processStartInfo.WindowStyle = ProcessWindowStyle.Hidden;
processStartInfo.RedirectStandardOutput = true;
processStartInfo.RedirectStandardError = true;
processStartInfo.CreateNoWindow = true;
processStartInfo.UseShellExecute = false;
processStartInfo.ErrorDialog = false;
Process pros = Process.Start(processStartInfo);
}
catch (Exception ex)
{
cw(ex.Message);
}
}
一切正常但几分钟后(当thark进程仍在运行时)我可以看到没有收到新数据包(我只是在我的磁盘上打开捕获)和经过的时间(统计数据 - >摘要)没有增长。
如果我使用相同的命令,但直接从命令行(没有.Net代码),它的工作没有停止。
我在wireshark
Windows 8 x64版本是1.10.0
答案 0 :(得分:0)
可能是你没有收到那么多数据包而且tshark正在缓冲它们。所以看起来tshark会停止捕捉一段时间。为了确保tshark不缓冲数据包:
tshark -l
从手册页:
-l Flush the standard output after the information for each packet is printed.
[...]
This may be useful when piping the output of TShark to another program, as it
means that the program to which the output is piped will see the dissected
data for a packet as soon as TShark sees the packet and generates that
output, rather than seeing it only when the standard output buffer containing
that data fills up.