[WireShark][tShark] Rewriting the input content
Feb 03
Before:
c:\Program Files\Wireshark>tshark.exe -i 1 -t ad -c 3 -f "arp"
Capturing on 'LAN'
1 2018-02-03 01:24:57.171146 Vmware_c3:97:f8 → AsustekC_fd:12:ba ARP 60 Who has 192.168.7.73? Tell 192.168.7.79
2 2018-02-03 01:24:57.171169 AsustekC_fd:12:ba → Vmware_c3:97:f8 ARP 42 192.168.7.73 is at 00:26:18:fd:12:ba
3 2018-02-03 01:24:57.505058 AsustekC_fd:12:ba → Vmware_c3:97:f8 ARP 42 Who has 192.168.7.79? Tell 192.168.7.73
3 packets captured
After:
c:\Program Files\Wireshark>tshark.exe -i 1 -t ad -c 3 -f "arp" -o "gui.column.format:\"No.\",\"%m\",\"Time\",\"%t\",\"Vendor\",\"%rhs\",\"Source\",\"%uhs\",\"Destination\",\"%uhd\",\"Protocol\",\"%p\",\"Length\",\"%L\",\"Info\",\"%i\""
Capturing on 'LAN'
1 2018-02-03 01:23:53.208062 D-LinkIn_5c:c0:fe d8:fe:e3:5c:c0:fe → ff:ff:ff:ff:ff:ff ARP 60 Who has 192.168.7.96? Tell 192.168.7.1
2 2018-02-03 01:23:59.275652 SamsungE_85:b6:a5 ac:5f:3e:85:b6:a5 → ff:ff:ff:ff:ff:ff ARP 60 Who has 192.168.7.2? Tell 192.168.7.96
3 2018-02-03 01:23:59.276012 SamsungE_85:b6:a5 ac:5f:3e:85:b6:a5 → ff:ff:ff:ff:ff:ff ARP 60 Who has 192.168.7.2? Tell 192.168.7.96
3 packets captured
To see how to write the column format, use this report, which is listed in tshark -G help:
tshark.exe -G column-formats
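
The "after" command above, as an added example that is not part of the original post: it builds the gui.column.format value from (title, specifier) pairs, produces an argv list so the \" escaping needed at the cmd.exe prompt disappears, and splits an output line of that layout into fields. The names column_pref, tshark_argv and parse_line are hypothetical, and the regex assumes the eight-column layout shown above.

```python
import re

# Column layout from the "after" command on this page: (title, format specifier).
COLUMNS = [
    ("No.", "%m"), ("Time", "%t"), ("Vendor", "%rhs"), ("Source", "%uhs"),
    ("Destination", "%uhd"), ("Protocol", "%p"), ("Length", "%L"), ("Info", "%i"),
]

def column_pref(columns):
    """Build the gui.column.format preference value: "Title","%fmt",... pairs."""
    parts = []
    for title, fmt in columns:
        if '"' in title or not fmt.startswith("%"):
            raise ValueError(f"bad column: {title!r} {fmt!r}")
        parts += [f'"{title}"', f'"{fmt}"']
    return "gui.column.format:" + ",".join(parts)

def tshark_argv(iface="1", count=3, capture_filter="arp", columns=COLUMNS):
    """argv list for subprocess.run(); no shell is involved, so no \\" escaping."""
    return ["tshark", "-i", iface, "-t", "ad", "-c", str(count),
            "-f", capture_filter, "-o", column_pref(columns)]

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
# The arrow between Source and Destination is matched as any non-space token.
LINE = re.compile(
    rf"\s*(?P<no>\d+) (?P<time>\S+ \S+) (?P<vendor>\S+) (?P<src>{MAC})"
    rf" \S+ (?P<dst>{MAC}) (?P<proto>\S+) (?P<length>\d+) (?P<info>.*)")

def parse_line(line):
    """Split one output line of the layout above into named fields, or None."""
    m = LINE.match(line)
    return m.groupdict() if m else None

# Sample input: one line copied from the "after" output on this page.
SAMPLE = ("1 2018-02-03 01:23:53.208062 D-LinkIn_5c:c0:fe d8:fe:e3:5c:c0:fe"
          " → ff:ff:ff:ff:ff:ff ARP 60 Who has 192.168.7.96? Tell 192.168.7.1")

if __name__ == "__main__":
    print(tshark_argv())
    print(parse_line(SAMPLE))
```

Keeping both the vendor-resolved (%rhs) and raw (%uhs) source address in each line lets a log reviewer read the manufacturer prefix and still match on the exact MAC.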