Filtering duplicate packets with Wireshark
Source: Internet  Editor: 程序博客网  Time: 2024/05/16 07:38
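At work I received a capture taken by someone else and found that it contained duplicated packets. Because the capture was needed for analysis, the duplicates had to be removed. I searched online for a while and found nothing relevant.
So I searched for "delete" in the Wireshark help and found the following tool: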
```
Usage: editcap [options] ... <infile> <outfile> [ <packet#>[-<packet#>] ... ]

<infile> and <outfile> must both be present.
A single packet or a range of packets can be selected.

Packet selection:
  -r                     keep the selected packets; default is to delete them.
  -A <start time>        only output packets whose timestamp is after (or equal
                         to) the given time (format as YYYY-MM-DD hh:mm:ss).
  -B <stop time>         only output packets whose timestamp is before the
                         given time (format as YYYY-MM-DD hh:mm:ss).

Duplicate packet removal:
  -d                     remove packet if duplicate (window == 5).
  -D <dup window>        remove packet if duplicate; configurable <dup window>
                         Valid <dup window> values are 0 to 1000000.
                         NOTE: A <dup window> of 0 with -v (verbose option) is
                         useful to print MD5 hashes.
  -w <dup time window>   remove packet if duplicate packet is found EQUAL TO OR
                         LESS THAN <dup time window> prior to current packet.
                         A <dup time window> is specified in relative seconds
                         (e.g. 0.000001).

           NOTE: The use of the 'Duplicate packet removal' options with
           other editcap options except -v may not always work as expected.
           Specifically the -r, -t or -S options will very likely NOT have the
           desired effect if combined with the -d, -D or -w.

Packet manipulation:
  -s <snaplen>           truncate each packet to max. <snaplen> bytes of data.
  -C <choplen>           chop each packet by <choplen> bytes. Positive values
                         chop at the packet beginning, negative values at the
                         packet end.
  -t <time adjustment>   adjust the timestamp of each packet;
                         <time adjustment> is in relative seconds (e.g. -0.5).
  -S <strict adjustment> adjust timestamp of packets if necessary to insure
                         strict chronological increasing order. The <strict
                         adjustment> is specified in relative seconds with
                         values of 0 or 0.000001 being the most reasonable.
                         A negative adjustment value will modify timestamps so
                         that each packet's delta time is the absolute value
                         of the adjustment specified. A value of -0 will set
                         all packets to the timestamp of the first packet.
  -E <error probability> set the probability (between 0.0 and 1.0 incl.)
                         that a particular packet byte will be randomly changed.

Output File(s):
  -c <packets per file>  split the packet output to different files
                         based on uniform packet counts
                         with a maximum of <packets per file> each.
  -i <seconds per file>  split the packet output to different files
                         based on uniform time intervals
                         with a maximum of <seconds per file> each.
  -F <capture type>      set the output file type; default is libpcap.
                         an empty "-F" option will list the file types.
  -T <encap type>        set the output file encapsulation type;
                         default is the same as the input file.
                         an empty "-T" option will list the encapsulation types.

Miscellaneous:
  -h                     display this help and exit.
  -v                     verbose output.
                         If -v is used with any of the 'Duplicate Packet
                         Removal' options (-d, -D or -w) then Packet lengths
                         and MD5 hashes are printed to standard-out.
```
editcap.exe is located in the Wireshark installation directory.
So I ran it from cmd, specifying the source file and the destination file, and got a new file:
```
D:\Program Files\Wireshark>editcap -d d:\test.pcap d:\testresult.pcap
66848 packets seen, 27991 packets skipped with duplicate window of 5 packets.
66848 packets seen, 27991 packets skipped with duplicate window of 5 packets.
```
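To make the "duplicate window" and the MD5 hashes mentioned in the help text concrete, here is an added example (not from the original post and not editcap's own code) that models window-based duplicate removal over a classic pcap file. It assumes a little-endian classic pcap, a fingerprint of (length, MD5 of the frame bytes), and that a window of N counts the current packet, so each packet is compared with the N-1 before it; `build_pcap`, `read_pcap`, `dedup` and `SAMPLE_FRAMES` are hypothetical names, and the sample frames are constructed.

```python
import hashlib
import struct
from collections import deque

# Constructed sample payloads (not real Ethernet frames): "A" repeats at index 2 and 8.
SAMPLE_FRAMES = [bytes([c]) * 60 for c in b"ABACDEFGA"]

def build_pcap(frames):
    """Build a classic little-endian pcap (linktype 1) in memory for the demo."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, data in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(data), len(data)) + data
    return out

def read_pcap(blob):
    """Yield (ts_sec, ts_usec, frame_bytes) for each record in the capture."""
    if len(blob) < 24 or struct.unpack_from("<I", blob, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    off = 24
    while off + 16 <= len(blob):
        sec, usec, caplen, _origlen = struct.unpack_from("<IIII", blob, off)
        off += 16
        if off + caplen > len(blob):
            raise ValueError("truncated packet record")
        yield sec, usec, blob[off:off + caplen]
        off += caplen

def dedup(packets, window=5):
    """Skip a packet whose (length, MD5) matches one of the previous window-1 packets.

    Assumption: the window includes the current packet, and skipped packets
    still occupy a slot in the window.
    """
    recent = deque(maxlen=max(window - 1, 0))
    kept, skipped = [], 0
    for sec, usec, data in packets:
        # MD5 is used only as a content fingerprint here, not for integrity.
        key = (len(data), hashlib.md5(data).digest())
        if key in recent:
            skipped += 1
        else:
            kept.append((sec, usec, data))
        recent.append(key)
    return kept, skipped

if __name__ == "__main__":
    pkts = list(read_pcap(build_pcap(SAMPLE_FRAMES)))
    for w in (5, 10):
        kept, skipped = dedup(pkts, window=w)
        print(f"{len(pkts)} packets seen, {skipped} skipped with window of {w}")
```

With a window of 5 only the nearby repeat is skipped; with a window of 10 the distant repeat is skipped as well, so a larger `-D` value can also drop frames that are genuinely sent twice.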