I had a look, and there seem to be some usable tools in the Wireshark directory.
For example, editcap.exe.
As for how to use it:
H:\Wireshark>editcap.exe
Editcap 0.99.3 (SVN Rev 19011)
Edit and/or translate the format of capture files.
See http://www.wireshark.org for more information.

Usage: editcap [options] ... <infile> <outfile> [ <packet#>[-<packet#>] ... ]

A single packet or a range of packets can be selected.

Packets:
  -C <choplen>           chop each packet at the end by <choplen> bytes
  -d                     remove duplicate packets
  -E <error probability> set the probability (between 0.0 and 1.0 incl.)
                         that a particular packet byte will be randomly changed
  -r                     keep the selected packets, default is to delete them
  -s <snaplen>           truncate packets to max. <snaplen> bytes of data
  -t <time adjustment>   adjust the timestamp of selected packets,
                         <time adjustment> is in relative seconds (e.g. -0.5)
  -A <start time>        don't output packets whose timestamp is before the
                         given time (format as YYYY-MM-DD hh:mm:ss)
  -B <stop time>         don't output packets whose timestamp is after the
                         given time (format as YYYY-MM-DD hh:mm:ss)

Output File(s):
  -c <packets per file>  split the packet output to different files,
                         with a maximum of <packets per file> each
  -F <capture type>      set the output file type, default is libpcap
                         an empty "-F" option will list the file types
  -T <encap type>        set the output file encapsulation type,
                         default is the same as the input file
                         an empty "-T" option will list the encapsulation types

Miscellaneous:
  -h                     display this help and exit
  -v                     verbose output
I did a quick search for you, take a look:
http://www.netexpert.cn/thread-23746-1-1.html
http://www.netexpert.cn/thread-23081-1-1.html
Hope this helps.
[ Last edited by 双眼皮的猪 on 2009-11-15 22:12 ]