WireShark
March 2nd, 2009
A network analyzer that lets you capture and interactively browse the
contents of packets from a variety of network interface types. Packet data can
be read from a file, or live from a local network interface.

WWW: http://www.wireshark.org/
Install the console version of the program, which is called tshark:

    [root@case.net.ru]$ make showconfig
    ===> The following configuration options are available for tshark-1.0.6:
         RTP=off "Enable support for playing back RTP streams"
         SNMP=off "Enable SNMP OID translation support"
         ADNS=off "Enable asynchronous DNS lookup support"
         PCRE=off "Enable regular expression matching support"
         IPV6=off "Enable IPv6 support"
    ===> Use 'make config' to modify these settings
    [root@case.net.ru]$ make install clean
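Example of use:

Write all SIP traffic on the vlan3 interface to the file sip.log.

    # -p: no promiscuous mode; -w: raw capture file; -S: also print packets while writing (tshark 1.0.x)
    tshark -i vlan3 -p -w sip.log -S udp port 5060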
Read the data back with a detailed report for each packet:

    tshark -r sip.log -V
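The file written with -w is a binary capture, not a text log, so it cannot be grepped directly. The following added example (not part of the original post) reads such a file without tshark and lists the first line of every SIP datagram. It assumes the classic libpcap format with an Ethernet link type and IPv4/UDP traffic; the function names and the embedded sample capture are constructed for illustration.

```python
import struct

def sip_start_lines(pcap, port=5060):
    """Return (src, dst, first line) for each UDP datagram to or from `port`."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic libpcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    found, off = [], 24                      # 24-byte global header
    while off + 16 <= len(pcap):
        incl = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl                     # 16-byte per-record header
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                         # too short or not IPv4
        udp = 14 + (frame[14] & 0x0F) * 4    # Ethernet header + IP header length
        frag_off = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
        if frame[23] != 17 or frag_off or len(frame) < udp + 8:
            continue                         # not UDP, or a later fragment
        sport, dport = struct.unpack("!HH", frame[udp:udp + 4])
        if port not in (sport, dport):
            continue
        line = frame[udp + 8:].split(b"\r\n", 1)[0].decode("ascii", "replace")
        src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
        found.append((src, dst, line))
    return found

def build_sample_pcap():
    """Constructed capture: two SIP datagrams and one DNS-port datagram."""
    def frame(src, dst, sport, dport, payload):
        udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17,
                         0, bytes(src), bytes(dst))
        return b"\x00" * 12 + b"\x08\x00" + ip + udp
    a, b = (192, 0, 2, 10), (192, 0, 2, 20)
    frames = [
        frame(a, b, 5060, 5060, b"REGISTER sip:example.invalid SIP/2.0\r\nCSeq: 1 REGISTER\r\n\r\n"),
        frame(a, b, 40000, 53, b"\x12\x34 not sip"),
        frame(b, a, 5060, 5060, b"SIP/2.0 401 Unauthorized\r\nCSeq: 1 REGISTER\r\n\r\n"),
    ]
    data = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        data += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return data

if __name__ == "__main__":
    for row in sip_start_lines(build_sample_pcap()):
        print(*row)
```

To run it against a real capture, pass the file contents instead of the sample: `sip_start_lines(open("sip.log", "rb").read())`.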
