Question

脚本（macOS）被称为：

./Sharksort <all or part of wlan.addr> file-name
example: ./Sharkesort 42:80 Store-1-pass1.pcapng

输出应该是来自/来自其硬件地址中包含42:80的客户端的所有流量。

for stream in tshark -r $2 -Y "wlan.addr contains $1";
do
  tshark -r $2 -w client-$1.pcapng;
done

我得到以下内容：

tshark: An error occurred while writing to the file "client-42:80.pcapng": Internal error.
tshark: An error occurred while writing to the file "client-42:80.pcapng": Internal error.
tshark: An error occurred while writing to the file "client-42:80.pcapng": Internal error.

输出文件仅包含前几个数据包。谢谢你的帮助。

Answer 1

为什么for循环？为什么不这样做？

tshark -r $2 -Y "wlan.addr contains $1" -w client-$1.pcapng

Answer 2

在-w选项为键

之前的-F选项

过滤包含MAC地址子字符串的pcaps

2 个答案: