Without having to start Wireshark later or store and analyze packets.
How can this be viewed live, without the garble you get with websockets?
tcpdump -nnXSs 0 port 1234
Answer 0: (score: 1)
This feature was removed in version 2.0 of Wireshark.
So the following packages have to be fetched from Ubuntu trusty 14.04 and installed:
sudo dpkg -i wireshark-common_1.10.6-1_amd64.deb tshark_1.10.6-1_amd64.deb libwireshark3_1.10.6-1_amd64.deb libwsutil3_1.10.6-1_amd64.deb libwiretap3_1.10.6-1_amd64.deb libgnutls26_2.12.23-12ubuntu2.7_amd64.deb libgcrypt11_1.5.3-2ubuntu4.4_amd64.deb
Disable updates:
sudo apt-mark hold tshark
Fix dependencies:
sudo apt install -f
Command to dump the content:
Answer 1: (score: 1)
tshark -r out.pcap -Y websocket.payload -E occurrence=l -T fields -e text
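The unmasked text is passed to the "Line-based text data" dissector, so you need to use the field selector and set the occurrence to the last instance of that field in the packet to remove the "noise". I also added a filter to limit the output to packets that contain a websocket payload.
Written by grahamb at https://ask.wireshark.org/questions/60725/how-to-dump-websockets-live-with-tshark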
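Why the raw tcpdump hex dump looks garbled while tshark can print "unmasked text": RFC 6455 requires client-to-server frames to be XOR-masked with a per-frame 4-byte key. The following is an added example, not code from either answer; `parse_frames` and the sample bytes are constructed for illustration. It assumes an already reassembled byte stream with no permessage-deflate compression.

```python
import struct

def parse_frames(buf: bytes):
    """Decode every complete WebSocket frame in buf (RFC 6455, section 5.2).

    Returns (frames, rest): frames is a list of (opcode, masked, payload),
    rest is the undecoded tail (a truncated frame waiting for more bytes).
    """
    frames, pos = [], 0
    while pos + 2 <= len(buf):
        opcode = buf[pos] & 0x0F            # low nibble of byte 0
        masked = bool(buf[pos + 1] & 0x80)  # MASK bit
        length = buf[pos + 1] & 0x7F        # 7-bit length or escape value
        cur = pos + 2
        if length == 126:                   # 16-bit extended length follows
            if cur + 2 > len(buf):
                break
            (length,) = struct.unpack_from("!H", buf, cur)
            cur += 2
        elif length == 127:                 # 64-bit extended length follows
            if cur + 8 > len(buf):
                break
            (length,) = struct.unpack_from("!Q", buf, cur)
            cur += 8
        key = b""
        if masked:                          # 4-byte masking key
            if cur + 4 > len(buf):
                break
            key = buf[cur:cur + 4]
            cur += 4
        if cur + length > len(buf):         # payload not fully captured yet
            break
        payload = buf[cur:cur + length]
        if masked:                          # undo the XOR mask
            payload = bytes(b ^ key[i % 4] for i, b in enumerate(payload))
        frames.append((opcode, masked, payload))
        pos = cur + length
    return frames, buf[pos:]

# Constructed sample: masked "Hello" (client to server), unmasked "Hello"
# (server to client), then the first two bytes of a truncated frame.
CONSTRUCTED_STREAM = bytes.fromhex("818537fa213d7f9f4d5158" "810548656c6c6f" "8185")

if __name__ == "__main__":
    decoded, rest = parse_frames(CONSTRUCTED_STREAM)
    for opcode, masked, payload in decoded:
        print(opcode, "masked" if masked else "clear", payload)
    print("undecoded tail:", rest.hex())
```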