Introduction

Capinfos is one of the optional tools installed along with Wireshark. It is a command-line tool for capture files.

capinfos [ -a ] [ -A ] [ -b ] [ -B ] [ -c ] [ -C ] [ -d ] [ -D ] [ -e ] [ -E ] [ -F ] [ -h ] [ -H ] [ -i ] [ -I ] [ -k ] [ -K ] [ -l ] [ -L ] [ -m ] [ -M ] [ -n ] [ -N ] [ -o ] [ -q ] [ -Q ] [ -r ] [ -R ] [ -s ] [ -S ] [ -t ] [ -T ] [ -u ] [ -v ] [ -x ] [ -y ] [ -z ] <infile> …



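Description

Put simply, Capinfos prints information about capture files. It can read one or more capture files and return some or all of the available statistics in either long or table output format.

The long output format is suited to human reading; the table output format is useful for generating reports that can easily be imported into a spreadsheet or database.

The user specifies the output type and which statistics to display by giving options. If no options are specified, Capinfos reports all available statistics in long format.

Options are processed from left to right, with later options superseding or adding to earlier ones.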



Options

$ capinfos

Usage: capinfos [options] <infile> ...

General infos:
  -t display the capture file type
  -E display the capture file encapsulation
  -I display the capture file interface information
  -F display additional capture file information
  -H display the SHA256, RIPEMD160, and SHA1 hashes of the file
  -k display the capture comment

Size infos:
  -c display the number of packets
  -s display the size of the file (in bytes)
  -d display the total length of all packets (in bytes)
  -l display the packet size limit (snapshot length)

Time infos:
  -u display the capture duration (in seconds)
  -a display the capture start time
  -e display the capture end time
  -o display the capture file chronological status (True/False)
  -S display start and end times as seconds

Statistic infos:
  -y display average data rate (in bytes/sec)
  -i display average data rate (in bits/sec)
  -z display average packet size (in bytes)
  -x display average packet rate (in packets/sec)

Metadata infos:
  -n display number of resolved IPv4 and IPv6 addresses
  -D display number of decryption secrets

Output format:
  -L generate long report (default)
  -T generate table report
  -M display machine-readable values in long reports

Table report options:
  -R generate header record (default)
  -r do not generate header record

  -B separate infos with TAB character (default)
  -m separate infos with comma (,) character
  -b separate infos with SPACE character

  -N do not quote infos (default)
  -q quote infos with single quotes (')
  -Q quote infos with double quotes (")

Miscellaneous:
  -h, --help               display this help and exit
  -v, --version            display version info and exit
  -C cancel processing if file open fails (default is to continue)
  -A generate all infos (default)
  -K disable displaying the capture comment

Options are processed from left to right order with later options superseding
or adding to earlier options.

If no options are given the default is to display all infos in long report
output format.



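Examples

Since Capinfos is a fairly simple tool, the examples below are used directly to explain what each option does.

The main information of the test trace file is as follows. This is sample output from capinfos run without any options, which reports all available statistics in long format.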

$ capinfos test.pcapng
File name:           test.pcapng
File type:           Wireshark/... - pcapng
File encapsulation:  Ethernet
File timestamp precision:  microseconds (6)
Packet size limit:   file hdr: (not set)
Number of packets:   20 k
File size:           9213 kB
Data size:           8530 kB
Capture duration:    37.528437 seconds
First packet time:   2021-08-15 21:34:27.791910
Last packet time:    2021-08-15 21:35:05.320347
Data byte rate:      227 kBps
Data bit rate:       1818 kbps
Average packet size: 419.22 bytes
Average packet rate: 542 packets/s
SHA256:              03cdf99c02a73c3a0ada4f857eaffa587fd78d081cc8cd4e0c7b79f1587086fa
RIPEMD160:           78696db33a42825bb42a7c63d0fc6053cc88e851
SHA1:                7c9d9db15cfa4c237c16289862e9b1cde08a760f
Strict time order:   False
Capture hardware:    Intel(R) Xeon(R) Gold 6226R CPU @ 2.90GHz (with SSE4.2)
Capture oper-sys:    64-bit Windows 10 (1809), build 17763
Capture application: Dumpcap (Wireshark) 3.4.7 (v3.4.7-0-ge42cbf6a415f)
Capture comment:     test
Number of interfaces in file: 1
Interface #0 info:
                     Name = \Device\NPF_{15DAC5F9-EEF5-4A7E-A590-E0968FC225A4}
                     Description = Ethernet0
                     Encapsulation = Ethernet (1 - ether)
                     Capture length = 262144
                     Time precision = microseconds (6)
                     Time ticks per second = 1000000
                     Time resolution = 0x06
                     Operating system = 64-bit Windows 10 (1809), build 17763
                     Number of stat entries = 1
                     Number of packets = 20348



General infos

General information options, mainly the following:

General infos:
  -t display the capture file type
  -E display the capture file encapsulation
  -I display the capture file interface information
  -F display additional capture file information
  -H display the SHA256, RIPEMD160, and SHA1 hashes of the file
  -k display the capture comment


The -t option displays the capture file type, such as pcapng or pcap.
$ capinfos -t test.pcapng
File name:           test.pcapng
File type:           Wireshark/... - pcapng


The -E option displays the capture file encapsulation type, such as Ethernet.
$ capinfos -E test.pcapng
File name:           test.pcapng
File encapsulation:  Ethernet


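The -I option displays detailed interface information for the capture file, including the interface name, encapsulation type, capture snaplen, time precision, operating system information, number of packets, and so on. (Note: the interface information shown differs between systems and between capture file formats.)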
$ capinfos -I test.pcapng
File name:           test.pcapng
Number of interfaces in file: 1
Interface #0 info:
                     Name = \Device\NPF_{15DAC5F9-EEF5-4A7E-A590-E0968FC225A4}
                     Description = Ethernet0
                     Encapsulation = Ethernet (1 - ether)
                     Capture length = 262144
                     Time precision = microseconds (6)
                     Time ticks per second = 1000000
                     Time resolution = 0x06
                     Operating system = 64-bit Windows 10 (1809), build 17763
                     Number of stat entries = 1
                     Number of packets = 20348



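The -F option displays the additional information section of the capture file, including the file timestamp precision, capture hardware, capture operating system, capture application, and so on. (Note: the additional information shown differs between systems and between capture file formats.)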
$ capinfos -F test.pcapng
File name:           test.pcapng
File timestamp precision:  microseconds (6)
Capture hardware:    Intel(R) Xeon(R) Gold 6226R CPU @ 2.90GHz (with SSE4.2)
Capture oper-sys:    64-bit Windows 10 (1809), build 17763
Capture application: Dumpcap (Wireshark) 3.4.7 (v3.4.7-0-ge42cbf6a415f)


The -H option displays the SHA256, RIPEMD160, and SHA1 hashes of the capture file.
$ capinfos -H test.pcapng
File name:           test.pcapng
SHA256:              f0edddebd93758824d561e4bb6e1abbd7d4ee6add370f6525d6a078259151cfe
RIPEMD160:           a5d2a8394d9a649de2937c15ff2affc7bfab460b
SHA1:                73c0bbf66a48f458aeccae34a0acfa2dde62a44e


The -k option displays the capture comment of the capture file. (Note: the pcapng file format supports saving a comment.)
$ capinfos -k test.pcapng
File name:           test.pcapng
Capture comment:     test



How multiple files are handled; the info options that follow are used in the same way.
$ capinfos -t test.pcapng test123.pcap
File name:           test.pcapng
File type:           Wireshark/... - pcapng

File name:           test123.pcap
File type:           Wireshark/tcpdump/... - pcap


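Multiple options are processed from left to right, with later options added to earlier ones; the info options that follow are used in the same way.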
$ capinfos -tEk test.pcapng
File name:           test.pcapng
File type:           Wireshark/... - pcapng
File encapsulation:  Ethernet
Capture comment:     test



Size infos

Size information options, mainly the following:

Size infos:
  -c display the number of packets
  -s display the size of the file (in bytes)
  -d display the total length of all packets (in bytes)
  -l display the packet size limit (snapshot length)
  

The -c option displays the number of packets in the capture file.
$ capinfos -c test.pcapng
File name:           test.pcapng
Number of packets:   20 k


The -s option displays the size of the capture file, in bytes.
$ capinfos -s test.pcapng
File name:           test.pcapng
File size:           9213 kB


The -d option displays the data size of the capture file, that is, the total length of all frames, in bytes.
$ capinfos -d test.pcapng
File name:           test.pcapng
Data size:           8530 kB


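The -l option displays the packet size limit of the capture file, that is, the snaplen (if any). Typical displayed values are the default not set, 262144, 65535, and the length the snaplen was limited to.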
$ capinfos -l test.pcapng
File name:           test.pcapng
Packet size limit:   file hdr: (not set)



Time infos

Time information options, mainly the following:

Time infos:
  -u display the capture duration (in seconds)
  -a display the capture start time
  -e display the capture end time
  -o display the capture file chronological status (True/False)
  -S display start and end times as seconds


The -u option displays the capture duration of the capture file, in seconds.
$ capinfos -u test.pcapng
File name:           test.pcapng
Capture duration:    37.528437 seconds


The -a option displays the time of the first packet in the capture file.
$ capinfos -a test.pcapng
File name:           test.pcapng
First packet time:   2021-08-15 21:34:27.791910


The -e option displays the time of the last packet in the capture file.
$ capinfos -e test.pcapng
File name:           test.pcapng
Last packet time:    2021-08-15 21:35:05.320347


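The -o option displays whether the capture file is in strict time order: "True" if the packets are in strict chronological order, "False" if one or more captured packets are out of order. (Note: for some pcap and cap files the displayed result is not correct.)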
$ capinfos -o test.pcapng
File name:           test.pcapng
Strict time order:   False


The -S option displays the capture file's start and end times as the number of seconds since January 1, 1970.
$ capinfos -S test.pcapng
File name:           test.pcapng
First packet time:   1629034467.791910
Last packet time:    1629034505.320347



Statistic infos

Statistic information options, mainly the following:

Statistic infos:
  -y display average data rate (in bytes/sec)
  -i display average data rate (in bits/sec)
  -z display average packet size (in bytes)
  -x display average packet rate (in packets/sec)


The -y option displays the average data rate of the capture file in bytes, that is, Bps.
$ capinfos -y test.pcapng
File name:           test.pcapng
Data byte rate:      227 kBps


The -i option displays the average data rate of the capture file in bits, that is, bps.
$ capinfos -i test.pcapng
File name:           test.pcapng
Data bit rate:       1818 kbps


The -z option displays the average packet size of the capture file, in bytes.
$ capinfos -z test.pcapng
File name:           test.pcapng
Average packet size: 419.22 bytes


The -x option displays the average packet rate of the capture file, that is, pps.
$ capinfos -x test.pcapng
File name:           test.pcapng
Average packet rate: 542 packets/s



Metadata infos

Metadata information options, mainly the following:

Metadata infos:
  -n display number of resolved IPv4 and IPv6 addresses
  -D display number of decryption secrets

This information is not available in table format.


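The -n option displays the number of resolved IPv4 and IPv6 addresses in the capture file. (Note: support in the current version may have some problems. Sometimes you have to right-click any packet in the Wireshark packet list pane, use Edit Resolved Name and click OK to trigger it, save the file again, and only then will capinfos -n display the value.)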
$ capinfos -n test.pcapng
File name:           test.pcapng
Number of resolved IPv4 addresses in file: 40


The -D option displays the number of decryption secrets in the capture file, for example in a pcapng file that contains TLS keys.
$ capinfos -D test.pcapng
File name:           test.pcapng
Number of decryption secrets in file: 1
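
The metadata reported by -D, -k, -F and -I is stored inside the capture file and goes wherever the file goes; embedded TLS keys in particular let any recipient decrypt the affected sessions. The following Python code is an added example (not from the original page or the Wireshark project) that parses a long-format report for one or more files and lists what to review before a capture is shared. The sample text is constructed from lines shown on this page, the "Strict time order" value for test123.pcap is invented, and the function names are hypothetical.

```python
import re

# Constructed sample: long-format lines in the layout shown on this page,
# for two files. The "Strict time order" value of test123.pcap is invented.
SAMPLE = r"""File name:           test.pcapng
File timestamp precision:  microseconds (6)
First packet time:   2021-08-15 21:34:27.791910
Capture oper-sys:    64-bit Windows 10 (1809), build 17763
Capture application: Dumpcap (Wireshark) 3.4.7 (v3.4.7-0-ge42cbf6a415f)
Capture comment:     test
Number of decryption secrets in file: 1
Number of interfaces in file: 1
Interface #0 info:
                     Name = \Device\NPF_{15DAC5F9-EEF5-4A7E-A590-E0968FC225A4}
                     Description = Ethernet0

File name:           test123.pcap
File type:           Wireshark/tcpdump/... - pcap
Strict time order:   True
"""


def parse_long_report(text):
    """Split a long report into one dict per capture file.

    Top-level lines are "Key: value" and are split on the first colon only,
    so timestamps keep theirs. Indented "Key = value" lines belong to the
    most recent "Interface #N info:" block.
    """
    files, current, iface = [], None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace():                      # interface detail line
            key, _, value = line.strip().partition(" = ")
            if iface is not None:
                iface[key] = value
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "File name":                     # start of the next file
            current = {"File name": value, "interfaces": []}
            files.append(current)
            iface = None
        elif current is None:
            continue                               # text before the first file
        elif re.fullmatch(r"Interface #\d+ info", key):
            iface = {}
            current["interfaces"].append(iface)
        else:
            current[key] = value
            iface = None
    return files


def review_before_sharing(info):
    """List metadata in one parsed file that deserves a look before sharing."""
    findings = []
    secrets = int(info.get("Number of decryption secrets in file", "0"))
    if secrets > 0:
        findings.append(f"{secrets} decryption secret(s) embedded (e.g. TLS keys)")
    if info.get("Capture comment"):
        findings.append("capture comment present")
    for field in ("Capture hardware", "Capture oper-sys", "Capture application"):
        if field in info:
            findings.append(f"{field} recorded: {info[field]}")
    for n, iface in enumerate(info["interfaces"]):
        if "Name" in iface:
            findings.append(f"interface #{n} name recorded: {iface['Name']}")
    return findings


if __name__ == "__main__":
    for entry in parse_long_report(SAMPLE):
        print(entry["File name"])
        for finding in review_before_sharing(entry) or ["nothing flagged"]:
            print("  -", finding)
```
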



Output format

Output format options, mainly the following:

Output format:
  -L generate long report (default)
  -T generate table report
  -M display machine-readable values in long reports
  

The -L option reports all available statistics in long format (default); the output is the same as with no options.
$ capinfos -L test.pcapng
File name:           test.pcapng
File type:           Wireshark/... - pcapng
File encapsulation:  Ethernet
File timestamp precision:  microseconds (6)
Packet size limit:   file hdr: (not set)
Number of packets:   20 k
File size:           9213 kB
Data size:           8530 kB
Capture duration:    37.528437 seconds
First packet time:   2021-08-15 21:34:27.791910
Last packet time:    2021-08-15 21:35:05.320347
Data byte rate:      227 kBps
Data bit rate:       1818 kbps
Average packet size: 419.22 bytes
Average packet rate: 542 packets/s
SHA256:              03cdf99c02a73c3a0ada4f857eaffa587fd78d081cc8cd4e0c7b79f1587086fa
RIPEMD160:           78696db33a42825bb42a7c63d0fc6053cc88e851
SHA1:                7c9d9db15cfa4c237c16289862e9b1cde08a760f
Strict time order:   False
Capture hardware:    Intel(R) Xeon(R) Gold 6226R CPU @ 2.90GHz (with SSE4.2)
Capture oper-sys:    64-bit Windows 10 (1809), build 17763
Capture application: Dumpcap (Wireshark) 3.4.7 (v3.4.7-0-ge42cbf6a415f)
Capture comment:     test
Number of interfaces in file: 1
Interface #0 info:
                     Name = \Device\NPF_{15DAC5F9-EEF5-4A7E-A590-E0968FC225A4}
                     Description = Ethernet0
                     Encapsulation = Ethernet (1 - ether)
                     Capture length = 262144
                     Time precision = microseconds (6)
                     Time ticks per second = 1000000
                     Time resolution = 0x06
                     Operating system = 64-bit Windows 10 (1809), build 17763
                     Number of stat entries = 1
                     Number of packets = 20348


The -T option reports all available statistics in table format, which can be used to generate txt, csv, or similar files.
$ capinfos -T test.pcapng
File name       File type       File encapsulation      File time precision     Packet size limit       Packet size limit min (inferred)  Packet size limit max (inferred)        Number of packets       File size (bytes) Data size (bytes)       Capture duration (seconds)      Start time      End time        Data byte rate (bytes/sec)        Data bit rate (bits/sec)        Average packet size (bytes)     Average packet rate (packets/sec) SHA256  RIPEMD160       SHA1    Strict time order       Capture hardware        Capture oper-sys  Capture application     Capture comment
test.pcapng     pcapng  ether   microseconds    (not set)       n/a     n/a     20348   9213116 8530389 37.528437 2021-08-15 21:34:27.791910      2021-08-15 21:35:05.320347      227304.67       1818437.36      419.22    542.20  03cdf99c02a73c3a0ada4f857eaffa587fd78d081cc8cd4e0c7b79f1587086fa        78696db33a42825bb42a7c63d0fc6053cc88e851  7c9d9db15cfa4c237c16289862e9b1cde08a760f        False   Intel(R) Xeon(R) Gold 6226R CPU @ 2.90GHz (with SSE4.2)   64-bit Windows 10 (1809), build 17763   Dumpcap (Wireshark) 3.4.7 (v3.4.7-0-ge42cbf6a415f)        test
$ capinfos -T test.pcapng > test.txt
$ capinfos -T test.pcapng > test.csv


The -M option prints raw (machine-readable) values in long format.
$ capinfos -M test.pcapng
File name:           test.pcapng
File type:           pcapng
File encapsulation:  ether
File timestamp precision:  microseconds (6)
Packet size limit:   file hdr: (not set)
Number of packets:   20348
File size:           9213116 bytes
Data size:           8530389 bytes
Capture duration:    37.528437 seconds
First packet time:   2021-08-15 21:34:27.791910
Last packet time:    2021-08-15 21:35:05.320347
Data byte rate:      227304.67 bytes/sec
Data bit rate:       1818437.36 bits/sec
Average packet size: 419.22 bytes
Average packet rate: 542.20 packets/sec
SHA256:              03cdf99c02a73c3a0ada4f857eaffa587fd78d081cc8cd4e0c7b79f1587086fa
RIPEMD160:           78696db33a42825bb42a7c63d0fc6053cc88e851
SHA1:                7c9d9db15cfa4c237c16289862e9b1cde08a760f
Strict time order:   False
Capture hardware:    Intel(R) Xeon(R) Gold 6226R CPU @ 2.90GHz (with SSE4.2)
Capture oper-sys:    64-bit Windows 10 (1809), build 17763
Capture application: Dumpcap (Wireshark) 3.4.7 (v3.4.7-0-ge42cbf6a415f)
Capture comment:     test
Number of interfaces in file: 1
Interface #0 info:
                     Name = \Device\NPF_{15DAC5F9-EEF5-4A7E-A590-E0968FC225A4}
                     Description = Ethernet0
                     Encapsulation = Ethernet (1 - ether)
                     Capture length = 262144
                     Time precision = microseconds (6)
                     Time ticks per second = 1000000
                     Time resolution = 0x06
                     Operating system = 64-bit Windows 10 (1809), build 17763
                     Number of stat entries = 1
                     Number of packets = 20348



Table report options

Table report options, mainly the following:

Table report options:
  -R generate header record (default)
  -r do not generate header record

  -B separate infos with TAB character (default)
  -m separate infos with comma (,) character
  -b separate infos with SPACE character

  -N do not quote infos (default)
  -q quote infos with single quotes (')
  -Q quote infos with double quotes (")

                                     
Combine -T with the options above to generate txt, csv, or similar files; the examples below use the txt format.
$ capinfos -T test.pcapng > test.txt
$ capinfos -T test.pcapng > test.csv
                                     
                                     

The -R option generates the header record (default).
$ capinfos -TR test.pcapng > test.txt
$ capinfos -T test.pcapng > test.txt
$ more test.txt
File name       File type       File encapsulation      File time precision     Packet size limit       Packet size limit min (inferred)        Packet size limit max (inferred)        Number of packets       File size (bytes)       Data size (bytes)       Capture duration (seconds)      Start time      End time
  Data byte rate (bytes/sec)      Data bit rate (bits/sec)        Average packet size (bytes)     Average packet rate (packets/sec)       SHA256  RIPEMD160       SHA1    Strict time order       Capture hardware
      Capture oper-sys        Capture application     Capture comment
test.pcapng     pcapng  ether   microseconds    (not set)       n/a     n/a     20348   9213116 8530389 37.528437       2021-08-15 21:34:27.791910      2021-08-15 21:35:05.320347      227304.67       1818437.36
    419.22  542.20  03cdf99c02a73c3a0ada4f857eaffa587fd78d081cc8cd4e0c7b79f1587086fa        78696db33a42825bb42a7c63d0fc6053cc88e851        7c9d9db15cfa4c237c16289862e9b1cde08a760f        False   Intel(R) Xeon(R) Gold 6226R CPU @ 2.90GHz (with SSE4.2) 64-bit Windows 10 (1809), build 17763   Dumpcap (Wireshark) 3.4.7 (v3.4.7-0-ge42cbf6a415f)      test



The -r option does not generate the header record.
$ capinfos -Tr test.pcapng > test.txt
$ more test.txt
test.pcapng     pcapng  ether   microseconds    (not set)       n/a     n/a     20348   9213116 8530389 37.528437       2021-08-15 21:34:27.791910      2021-08-15 21:35:05.320347      227304.67       1818437.36
    419.22  542.20  03cdf99c02a73c3a0ada4f857eaffa587fd78d081cc8cd4e0c7b79f1587086fa        78696db33a42825bb42a7c63d0fc6053cc88e851        7c9d9db15cfa4c237c16289862e9b1cde08a760f        False   Intel(R) Xeon(R) Gold 6226R CPU @ 2.90GHz (with SSE4.2) 64-bit Windows 10 (1809), build 17763   Dumpcap (Wireshark) 3.4.7 (v3.4.7-0-ge42cbf6a415f)      testtest.pcapng     pcapng  ether   microseconds    (not set)       n/a     n/a     20348   9213108 8530389 37.528437
  2021-08-15 21:34:27.791910      2021-08-15 21:35:05.320347      227304.67       1818437.36      419.22  542.20  f0edddebd93758824d561e4bb6e1abbd7d4ee6add370f6525d6a078259151cfe        a5d2a8394d9a649de2937c15ff2affc7bfab460b        73c0bbf66a48f458aeccae34a0acfa2dde62a44e        False   Intel(R) Xeon(R) Gold 6226R CPU @ 2.90GHz (with SSE4.2) 64-bit Windows 10 (1809), build 17763   Dumpcap (Wireshark) 3.4.7 (v3.4.7-0-ge42cbf6a415f)


The -B option separates infos with a TAB character (default).
$ capinfos -TB test.pcapng > test.txt
$ capinfos -T test.pcapng > test.txt
$ more test.txt
File name       File type       File encapsulation      File time precision     Packet size limit       Packet size limit min (inferred)        Packet size limit max (inferred)        Number of packets       File size (bytes)       Data size (bytes)       Capture duration (seconds)      Start time      End time
  Data byte rate (bytes/sec)      Data bit rate (bits/sec)        Average packet size (bytes)     Average packet rate (packets/sec)       SHA256  RIPEMD160       SHA1    Strict time order       Capture hardware
      Capture oper-sys        Capture application     Capture comment
test.pcapng     pcapng  ether   microseconds    (not set)       n/a     n/a     20348   9213116 8530389 37.528437       2021-08-15 21:34:27.791910      2021-08-15 21:35:05.320347      227304.67       1818437.36
    419.22  542.20  03cdf99c02a73c3a0ada4f857eaffa587fd78d081cc8cd4e0c7b79f1587086fa        78696db33a42825bb42a7c63d0fc6053cc88e851        7c9d9db15cfa4c237c16289862e9b1cde08a760f        False   Intel(R) Xeon(R) Gold 6226R CPU @ 2.90GHz (with SSE4.2) 64-bit Windows 10 (1809), build 17763   Dumpcap (Wireshark) 3.4.7 (v3.4.7-0-ge42cbf6a415f)      test



The -m option separates infos with a comma (,).
$ capinfos -Tm test.pcapng > test.txt
$ more test.txt
File name,File type,File encapsulation,File time precision,Packet size limit,Packet size limit min (inferred),Packet size limit max (inferred),Number of packets,File size (bytes),Data size (bytes),Capture duration (seconds),Start time,End time,Data byte rate (bytes/sec),Data bit rate (bits/sec),Average packet size (bytes),Average packet rate (packets/sec),SHA256,RIPEMD160,SHA1,Strict time order,Capture hardware,Capture oper-sys,Capture application,Capture comment
test.pcapng,pcapng,ether,microseconds,(not set),n/a,n/a,20348,9213116,8530389,37.528437,2021-08-15 21:34:27.791910,2021-08-15 21:35:05.320347,227304.67,1818437.36,419.22,542.20,03cdf99c02a73c3a0ada4f857eaffa587fd78d081cc8cd4e0c7b79f1587086fa,78696db33a42825bb42a7c63d0fc6053cc88e851,7c9d9db15cfa4c237c16289862e9b1cde08a760f,False,Intel(R) Xeon(R) Gold 6226R CPU @ 2.90GHz (with SSE4.2),64-bit Windows 10 (1809), build 17763,Dumpcap (Wireshark) 3.4.7 (v3.4.7-0-ge42cbf6a415f),test



The -b option separates infos with a space.
$ capinfos -Tb test.pcapng > test.txt
$ more test.txt
File name File type File encapsulation File time precision Packet size limit Packet size limit min (inferred) Packet size limit max (inferred) Number of packets File size (bytes) Data size (bytes) Capture duration (seconds) Start time End time Data byte rate (bytes/sec) Data bit rate (bits/sec) Average packet size (bytes) Average packet rate (packets/sec) SHA256 RIPEMD160 SHA1 Strict time order Capture hardware Capture oper-sys Capture application Capture comment
test.pcapng pcapng ether microseconds (not set) n/a n/a 20348 9213116 8530389 37.528437 2021-08-15 21:34:27.791910 2021-08-15 21:35:05.320347 227304.67 1818437.36 419.22 542.20 03cdf99c02a73c3a0ada4f857eaffa587fd78d081cc8cd4e0c7b79f1587086fa 78696db33a42825bb42a7c63d0fc6053cc88e851 7c9d9db15cfa4c237c16289862e9b1cde08a760f False Intel(R) Xeon(R) Gold 6226R CPU @ 2.90GHz (with SSE4.2) 64-bit Windows 10 (1809), build 17763 Dumpcap (Wireshark) 3.4.7 (v3.4.7-0-ge42cbf6a415f) test
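
The -m and -b records above are ambiguous to a parser: the Capture oper-sys value "64-bit Windows 10 (1809), build 17763" itself contains a comma and spaces, so an unquoted record no longer has the same number of fields as its header. The following Python code is an added example (not from the original page or the Wireshark project) that detects the misalignment and shows that adding -Q to the separator option gives a report that parses cleanly. It uses a constructed subset of this page's columns and a hypothetical `render` helper that lays fields out the way the reports on this page do.

```python
import csv
import io

# Constructed sample: a subset of the columns and values shown on this page.
HEADER = ["File name", "Number of packets", "SHA256",
          "Capture oper-sys", "Capture application", "Capture comment"]
RECORD = ["test.pcapng", "20348",
          "03cdf99c02a73c3a0ada4f857eaffa587fd78d081cc8cd4e0c7b79f1587086fa",
          "64-bit Windows 10 (1809), build 17763",
          "Dumpcap (Wireshark) 3.4.7 (v3.4.7-0-ge42cbf6a415f)", "test"]


def render(rows, sep, quote=""):
    """Hypothetical helper: lay rows out like a table report.

    Each info is wrapped in `quote` (empty for -N) and joined with `sep`.
    """
    lines = (sep.join(f"{quote}{value}{quote}" for value in row) for row in rows)
    return "\n".join(lines) + "\n"


def parse_report(text, sep, quote=""):
    """Parse a table report into dicts keyed by the header record.

    Raises ValueError when a record has a different number of fields than
    the header, which is what an unquoted report produces as soon as a value
    contains the separator.
    """
    if quote:
        reader = csv.reader(io.StringIO(text), delimiter=sep, quotechar=quote)
    else:
        reader = csv.reader(io.StringIO(text), delimiter=sep,
                            quoting=csv.QUOTE_NONE)
    rows = [row for row in reader if row]
    header, records = rows[0], rows[1:]
    parsed = []
    for number, record in enumerate(records, start=1):
        if len(record) != len(header):
            raise ValueError(
                f"record {number}: {len(record)} fields, header has {len(header)}")
        parsed.append(dict(zip(header, record)))
    return parsed


def is_aligned(text, sep, quote=""):
    """Return True when every record lines up with the header."""
    try:
        parse_report(text, sep, quote)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    rows = [HEADER, RECORD]
    for label, sep, quote in [("-Tm", ",", ""), ("-Tb", " ", ""),
                              ("-TB", "\t", ""), ("-TmQ", ",", '"')]:
        state = "aligned" if is_aligned(render(rows, sep, quote), sep, quote) else "MISALIGNED"
        print(f"{label:5} {state}")
```
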



The -N option does not quote infos (default).
$ capinfos -TN test.pcapng > test.txt
$ capinfos -T test.pcapng > test.txt
$ more test.txt
File name       File type       File encapsulation      File time precision     Packet size limit       Packet size limit min (inferred)        Packet size limit max (inferred)        Number of packets       File size (bytes)       Data size (bytes)       Capture duration (seconds)      Start time      End time
  Data byte rate (bytes/sec)      Data bit rate (bits/sec)        Average packet size (bytes)     Average packet rate (packets/sec)       SHA256  RIPEMD160       SHA1    Strict time order       Capture hardware
      Capture oper-sys        Capture application     Capture comment
test.pcapng     pcapng  ether   microseconds    (not set)       n/a     n/a     20348   9213116 8530389 37.528437       2021-08-15 21:34:27.791910      2021-08-15 21:35:05.320347      227304.67       1818437.36
    419.22  542.20  03cdf99c02a73c3a0ada4f857eaffa587fd78d081cc8cd4e0c7b79f1587086fa        78696db33a42825bb42a7c63d0fc6053cc88e851        7c9d9db15cfa4c237c16289862e9b1cde08a760f        False   Intel(R) Xeon(R) Gold 6226R CPU @ 2.90GHz (with SSE4.2) 64-bit Windows 10 (1809), build 17763   Dumpcap (Wireshark) 3.4.7 (v3.4.7-0-ge42cbf6a415f)      test



The -q option quotes infos with single quotes (' ').
$ capinfos -Tq test.pcapng > test.txt
$ more test.txt
'File name'     'File type'     'File encapsulation'    'File time precision'   'Packet size limit'     'Packet size limit min (inferred)'      'Packet size limit max (inferred)'      'Number of packets'     'File size (bytes)'     'Data size (bytes)'     'Capture duration (seconds)'    'Start time'    'End time'
  'Data byte rate (bytes/sec)'    'Data bit rate (bits/sec)'      'Average packet size (bytes)'   'Average packet rate (packets/sec)'     'SHA256'        'RIPEMD160'     'SHA1'  'Strict time order'     'Capture hardware'      'Capture oper-sys'      'Capture application'   'Capture comment'
'test.pcapng'   'pcapng'        'ether' 'microseconds'  '(not set)'     'n/a'   'n/a'   '20348' '9213116'
      '8530389'       '37.528437'     '2021-08-15 21:34:27.791910'    '2021-08-15 21:35:05.320347'    '227304.67'     '1818437.36'    '419.22'        '542.20'        '03cdf99c02a73c3a0ada4f857eaffa587fd78d081cc8cd4e0c7b79f1587086fa'      '78696db33a42825bb42a7c63d0fc6053cc88e851'      '7c9d9db15cfa4c237c16289862e9b1cde08a760f'      'False' 'Intel(R) Xeon(R) Gold 6226R CPU @ 2.90GHz (with SSE4.2)'       '64-bit Windows 10 (1809), build 17763' 'Dumpcap (Wireshark) 3.4.7 (v3.4.7-0-ge42cbf6a415f)'    'test'



The -Q option quotes infos with double quotes (" ").
$ capinfos -TQ test.pcapng > test.txt
$ more test.txt
"File name"     "File type"     "File encapsulation"    "File time precision"   "Packet size limit"     "Packet size limit min (inferred)"      "Packet size limit max (inferred)"      "Number of packets"     "File size (bytes)"     "Data size (bytes)"     "Capture duration (seconds)"    "Start time"    "End time"
  "Data byte rate (bytes/sec)"    "Data bit rate (bits/sec)"      "Average packet size (bytes)"   "Average packet rate (packets/sec)"     "SHA256"        "RIPEMD160"     "SHA1"  "Strict time order"     "Capture hardware"      "Capture oper-sys"      "Capture application"   "Capture comment"
"test.pcapng"   "pcapng"        "ether" "microseconds"  "(not set)"     "n/a"   "n/a"   "20348" "9213116"
      "8530389"       "37.528437"     "2021-08-15 21:34:27.791910"    "2021-08-15 21:35:05.320347"    "227304.67"     "1818437.36"    "419.22"        "542.20"        "03cdf99c02a73c3a0ada4f857eaffa587fd78d081cc8cd4e0c7b79f1587086fa"      "78696db33a42825bb42a7c63d0fc6053cc88e851"      "7c9d9db15cfa4c237c16289862e9b1cde08a760f"      "False" "Intel(R) Xeon(R) Gold 6226R CPU @ 2.90GHz (with SSE4.2)"       "64-bit Windows 10 (1809), build 17763" "Dumpcap (Wireshark) 3.4.7 (v3.4.7-0-ge42cbf6a415f)"    "test"



Miscellaneous

Miscellaneous options, mainly the following:

Miscellaneous:
  -h, --help               display this help and exit
  -v, --version            display version info and exit
  -C cancel processing if file open fails (default is to continue)
  -A generate all infos (default)
  -K disable displaying the capture comment


The -h option displays the capinfos help and exits.
$ capinfos -h
Capinfos (Wireshark) 3.6.0 (v3.6.0-0-g3a34e44d02c9)
Print various information (infos) about capture files.
See https://www.wireshark.org for more information.

Usage: capinfos [options] <infile> ...

General infos:
  -t display the capture file type
  -E display the capture file encapsulation
  -I display the capture file interface information
  -F display additional capture file information
  -H display the SHA256, RIPEMD160, and SHA1 hashes of the file
  -k display the capture comment

Size infos:
  -c display the number of packets
  -s display the size of the file (in bytes)
  -d display the total length of all packets (in bytes)
  -l display the packet size limit (snapshot length)

Time infos:
  -u display the capture duration (in seconds)
  -a display the capture start time
  -e display the capture end time
  -o display the capture file chronological status (True/False)
  -S display start and end times as seconds

Statistic infos:
  -y display average data rate (in bytes/sec)
  -i display average data rate (in bits/sec)
  -z display average packet size (in bytes)
  -x display average packet rate (in packets/sec)

Metadata infos:
  -n display number of resolved IPv4 and IPv6 addresses
  -D display number of decryption secrets

Output format:
  -L generate long report (default)
  -T generate table report
  -M display machine-readable values in long reports

Table report options:
  -R generate header record (default)
  -r do not generate header record

  -B separate infos with TAB character (default)
  -m separate infos with comma (,) character
  -b separate infos with SPACE character

  -N do not quote infos (default)
  -q quote infos with single quotes (')
  -Q quote infos with double quotes (")

Miscellaneous:
  -h, --help               display this help and exit
  -v, --version            display version info and exit
  -C cancel processing if file open fails (default is to continue)
  -A generate all infos (default)
  -K disable displaying the capture comment

Options are processed from left to right order with later options superseding
or adding to earlier options.

If no options are given the default is to display all infos in long report
output format.



The -v option displays capinfos version information and exits.
$ capinfos -v                                                                           
Capinfos (Wireshark) 3.6.0 (v3.6.0-0-g3a34e44d02c9)                                     
                                                                                        
Copyright 1998-2021 Gerald Combs <gerald@wireshark.org> and contributors.               
License GPLv2+: GNU GPL version 2 or later <https://www.gnu.org/licenses/gpl-2.0.html>  
This is free software; see the source for copying conditions. There is NO               
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.             
                                                                                        
Compiled (64-bit) using Microsoft Visual Studio 2019 (VC++ 14.29, build 30040),         
with GLib 2.66.4, with zlib 1.2.11.                                                     
                                                                                        
Running on 64-bit Windows 10 (1809), build 17763, with Intel(R) Xeon(R) Gold            
6226R CPU @ 2.90GHz (with SSE4.2), with 16382 MB of physical memory, with GLib          
2.66.4, with LC_TYPE=Chinese (Simplified)_China.utf8, binary plugins supported          
(0 loaded).                                  



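With the -C option, if capinfos cannot open an input file or hits an error while reading one, it cancels processing of any further files. By default, capinfos continues processing files even when opening or reading a file fails.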
$ capinfos -C test123.pcapng test.pcapng
capinfos: The file "test123.pcapng" doesn't exist.                                     
$ capinfos test123.pcapng test.pcapng
capinfos: The file "test123.pcapng" doesn't exist. 
File name:           test.pcapng
File type:           Wireshark/... - pcapng
File encapsulation:  Ethernet
...
                                     

The -A option displays all infos (default).
$ capinfos -A test.pcapng
File name:           test.pcapng
File type:           Wireshark/... - pcapng
File encapsulation:  Ethernet
File timestamp precision:  microseconds (6)
Packet size limit:   file hdr: (not set)
Number of packets:   20 k
File size:           9213 kB
Data size:           8530 kB
Capture duration:    37.528437 seconds
First packet time:   2021-08-15 21:34:27.791910
Last packet time:    2021-08-15 21:35:05.320347
Data byte rate:      227 kBps
Data bit rate:       1818 kbps
Average packet size: 419.22 bytes
Average packet rate: 542 packets/s
SHA256:              03cdf99c02a73c3a0ada4f857eaffa587fd78d081cc8cd4e0c7b79f1587086fa
RIPEMD160:           78696db33a42825bb42a7c63d0fc6053cc88e851
SHA1:                7c9d9db15cfa4c237c16289862e9b1cde08a760f
Strict time order:   False
Capture hardware:    Intel(R) Xeon(R) Gold 6226R CPU @ 2.90GHz (with SSE4.2)
Capture oper-sys:    64-bit Windows 10 (1809), build 17763
Capture application: Dumpcap (Wireshark) 3.4.7 (v3.4.7-0-ge42cbf6a415f)
Capture comment:     test
Number of interfaces in file: 1
Interface #0 info:
                     Name = \Device\NPF_{15DAC5F9-EEF5-4A7E-A590-E0968FC225A4}
                     Description = Ethernet0
                     Encapsulation = Ethernet (1 - ether)
                     Capture length = 262144
                     Time precision = microseconds (6)
                     Time ticks per second = 1000000
                     Time resolution = 0x06
                     Operating system = 64-bit Windows 10 (1809), build 17763
                     Number of stat entries = 1
                     Number of packets = 20348
                     
Note: options are processed from left to right, and later options supersede earlier ones.
$ capinfos -sA test.pcapng is equivalent to $ capinfos -A test.pcapng
$ capinfos -As test.pcapng is equivalent to $ capinfos -s test.pcapng



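The -K option suppresses printing of the capture comment. Capture comments are enabled by default; in some scenarios, excluding the capture comment makes post-processing of the output easier.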
$ capinfos -K test.pcapng
File name:           test.pcapng
File type:           Wireshark/... - pcapng
File encapsulation:  Ethernet
File timestamp precision:  microseconds (6)
Packet size limit:   file hdr: (not set)
Number of packets:   20 k
File size:           9213 kB
Data size:           8530 kB
Capture duration:    37.528437 seconds
First packet time:   2021-08-15 21:34:27.791910
Last packet time:    2021-08-15 21:35:05.320347
Data byte rate:      227 kBps
Data bit rate:       1818 kbps
Average packet size: 419.22 bytes
Average packet rate: 542 packets/s
SHA256:              03cdf99c02a73c3a0ada4f857eaffa587fd78d081cc8cd4e0c7b79f1587086fa
RIPEMD160:           78696db33a42825bb42a7c63d0fc6053cc88e851
SHA1:                7c9d9db15cfa4c237c16289862e9b1cde08a760f
Strict time order:   False
Capture hardware:    Intel(R) Xeon(R) Gold 6226R CPU @ 2.90GHz (with SSE4.2)
Capture oper-sys:    64-bit Windows 10 (1809), build 17763
Capture application: Dumpcap (Wireshark) 3.4.7 (v3.4.7-0-ge42cbf6a415f)
Number of interfaces in file: 1
Interface #0 info:
                     Name = \Device\NPF_{15DAC5F9-EEF5-4A7E-A590-E0968FC225A4}
                     Description = Ethernet0
                     Encapsulation = Ethernet (1 - ether)
                     Capture length = 262144
                     Time precision = microseconds (6)
                     Time ticks per second = 1000000
                     Time resolution = 0x06
                     Operating system = 64-bit Windows 10 (1809), build 17763
                     Number of stat entries = 1
                     Number of packets = 20348