Since, Wireshark does have a limitation on processing large file sizes you also have the ability to truncate packets after so many bytes. mergcap – As the name implies, this tool allows you to merge multiple captures files into a single capture.Think of this as the cheap and dirty Wireshark, hop into a system and initiate a dumpcap then boom you have your capture. dumpcap – This is another CLI equivalent of Wireshark, however this utility writes directly to a file and is less feature-rich then its ‘ tshark‘ equivalent.
It’s definitely worth taking the time to get familiar with tshark. Allowing you to capture packets like you are using tcpdump, specifing interfaces, filters, etc. tshark – This is pretty much the CLI equivalent of Wireshark.Let’s take a quick look at some of these tools. Many of us are familiar with the GUI version of Wireshark, but believe it or not but there are also a slew of other command line based utilities that enhance Wireshark and also aid us in capturing and analyzing data.
0 kommentar(er)
