Win32:
"c:\Program Files\Wireshark\tshark.exe" -i 1 -n -f "[(([12:1]
& 0xf0) >> 2):4] = 0x47455420" -a duration:180
-Eseparator="|" -T fields -e frame.time -e ip.src -e ip.dst -e http.host
-e http.request.uri -e http.user_agent -e http.referer -e http.cookie
Linux: (wireshark 1.0.15以上)
tshark -i eth1 -n -f 'tcp[((tcp[12:1] & 0xf0) >> 2):4] =
0x47455420' -R 'http.request.uri matches "(jpg$|htm$|html$)" and
http.host != "10.61.0.53"' -a duration:180 -Eseparator='|' -T fields -e
frame.time -e ip.src -e ip.dst -e http.host -e http.request.uri -e
http.referer
阅读(1490) | 评论(0) | 转发(0) |