\u5728\u8fd9\u7bc7\u6587\u7ae0\u4e2d\uff0c\u6211\u5c06\u4ecb\u7ecd\u4e00\u4e9b\u64cd\u4f5c pcap \u6587\u4ef6\u7684\u5de5\u5177\uff0c\u4ee5\u53ca\u5982\u4f55\u4f7f\u7528\u5b83\u4eec \u3002<\/p>\n

Editcap \u4e0e Mergecap<\/strong><\/div>\n
\nWireshark\uff0c\u662f\u6700\u53d7\u6b22\u8fce\u7684 GUI \u55c5\u63a2\u5de5\u5177\uff0c\u5b9e\u9645\u4e0a\u5b83\u5e26\u4e86\u4e00\u5957\u975e\u5e38\u6709\u7528\u7684\u547d\u4ee4\u884c\u5de5\u5177\u96c6\u3002\u5176\u4e2d\u5305\u62ec editcap \u4e0e mergecap\u3002editcap \u662f\u4e00\u4e2a\u4e07\u80fd\u7684 pcap \u7f16\u8f91\u5668\uff0c\u5b83\u53ef\u4ee5\u8fc7\u6ee4\u5e76\u4e14\u80fd\u4ee5\u591a\u79cd\u65b9\u5f0f\u6765\u5206\u5272 pcap \u6587\u4ef6\u3002mergecap \u53ef\u4ee5\u5c06\u591a\u4e2a pcap \u6587\u4ef6\u5408\u5e76\u4e3a\u4e00\u4e2a\u3002 \u8fd9\u7bc7\u6587\u7ae0\u5c31\u662f\u57fa\u4e8e\u8fd9\u4e9b Wireshark \u547d\u4ee4\u884c\u5de5\u5177\u7684\u3002<\/p>\n
\u5982\u679c\u4f60\u5df2\u7ecf\u5b89\u88c5\u8fc7 Wireshark \u4e86\uff0c\u90a3\u4e48\u8fd9\u4e9b\u5de5\u5177\u5df2\u7ecf\u5728\u4f60\u7684\u7cfb\u7edf\u4e2d\u4e86\u3002\u5982\u679c\u8fd8\u6ca1\u88c5\u7684\u8bdd\uff0c\u90a3\u4e48\u6211\u4eec\u63a5\u4e0b\u6765\u5c31\u5b89\u88c5 Wireshark \u547d\u4ee4\u884c\u5de5\u5177\u3002 \u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u5728\u57fa\u4e8e Debian \u7684\u53d1\u884c\u7248\u4e0a\u6211\u4eec\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5 Wireshark GUI \u800c\u4ec5\u5b89\u88c5\u547d\u4ee4\u884c\u5de5\u5177\uff0c\u4f46\u662f\u5728 Red Hat \u53ca \u57fa\u4e8e\u5b83\u7684\u53d1\u884c\u7248\u4e2d\u5219\u9700\u8981\u5b89\u88c5\u6574\u4e2a Wireshark \u5305\u3002
\nDebian, Ubuntu \u6216 Linux Mint<\/p>\n
$ sudo apt-get install wireshark-common<\/pre>\n
Fedora, CentOS \u6216 RHEL<\/p>\n
$ sudo yum install wireshark<\/pre>\n
\u5f53\u5b89\u88c5\u597d\u5de5\u5177\u540e\uff0c \u5c31\u53ef\u4ee5\u5f00\u59cb\u4f7f\u7528 editca \u4e0e mergecap \u4e86\u3002\n<\/p>\n
pcap \u6587\u4ef6\u8fc7\u6ee4<\/strong><\/div>\n
\n\u901a\u8fc7 editcap\uff0c \u6211\u4eec\u80fd\u4ee5\u5f88\u591a\u4e0d\u540c\u7684\u89c4\u5219\u6765\u8fc7\u6ee4 pcap \u6587\u4ef6\u4e2d\u7684\u5185\u5bb9\uff0c\u5e76\u4e14\u5c06\u8fc7\u6ee4\u7ed3\u679c\u4fdd\u5b58\u5230\u65b0\u6587\u4ef6\u4e2d\u3002<\/p>\n
\u9996\u5148\uff0c\u4ee5\u201c\u8d77\u6b62\u65f6\u95f4\u201d\u6765\u8fc7\u6ee4 pcap \u6587\u4ef6\u3002 \" - A < start-time > \u548c \" - B < end-time > \u9009\u9879\u53ef\u4ee5\u8fc7\u6ee4\u51fa\u5728\u8fd9\u4e2a\u65f6\u95f4\u6bb5\u5230\u8fbe\u7684\u6570\u636e\u5305\uff08\u5982\uff0c\u4ece 2:30 \uff5e 2:35\uff09\u3002\u65f6\u95f4\u7684\u683c\u5f0f\u4e3a \u201c YYYY-MM-DD HH:MM:SS\"\u3002<\/p>\n
$ editcap -A '2014-12-10 10:11:01' -B '2014-12-10 10:21:01' input.pcap output.pcap <\/pre>\n
\u4e5f\u53ef\u4ee5\u4ece\u67d0\u4e2a\u6587\u4ef6\u4e2d\u63d0\u53d6\u6307\u5b9a\u7684 N \u4e2a\u5305\u3002\u4e0b\u9762\u7684\u547d\u4ee4\u884c\u4ece input.pcap \u6587\u4ef6\u4e2d\u63d0\u53d6100\u4e2a\u5305\uff08\u4ece 401 \u5230 500\uff09\u5e76\u5c06\u5b83\u4eec\u4fdd\u5b58\u5230 output.pcap \u4e2d\uff1a<\/p>\n
$ editcap input.pcap output.pcap 401-500<\/pre>\n
\u4f7f\u7528 \"-D < dup-window >\" \uff08dup-window\u53ef\u4ee5\u770b\u6210\u662f\u5bf9\u6bd4\u7684\u7a97\u53e3\u5927\u5c0f\uff0c\u4ec5\u4e0e\u6b64\u8303\u56f4\u5185\u7684\u5305\u8fdb\u884c\u5bf9\u6bd4\uff09\u9009\u9879\u53ef\u4ee5\u63d0\u53d6\u51fa\u91cd\u590d\u5305\u3002\u6bcf\u4e2a\u5305\u90fd\u4f9d\u6b21\u4e0e\u5b83\u4e4b\u524d\u7684 < dup-window > -1 \u4e2a\u5305\u5bf9\u6bd4\u957f\u5ea6\u4e0eMD5\u503c\uff0c\u5982\u679c\u6709\u5339\u914d\u7684\u5219\u4e22\u5f03\u3002<\/p>\n
$ editcap -D 10 input.pcap output.pcap<\/pre>\n
\u4e5f\u53ef\u4ee5\u5c06 < dup-window > \u5b9a\u4e49\u6210\u65f6\u95f4\u95f4\u9694\u3002\u4f7f\u7528\"-w < dup-time-window >\"\u9009\u9879\uff0c\u5bf9\u6bd4< dup-time-window > \u65f6\u95f4\u5185\u5230\u8fbe\u7684\u5305\u3002<\/p>\n
$ editcap -w 0.5 input.pcap output.pcap <\/pre>\n<\/p>\n
\u5206\u5272 pcap \u6587\u4ef6<\/strong><\/div>\n
\n\u5f53\u9700\u8981\u5c06\u4e00\u4e2a\u5927\u7684 pcap \u6587\u4ef6\u5206\u5272\u6210\u591a\u4e2a\u5c0f\u6587\u4ef6\u65f6\uff0ceditcap \u4e5f\u80fd\u8d77\u5f88\u5927\u7684\u4f5c\u7528\u3002\u5c06\u4e00\u4e2a pcap \u6587\u4ef6\u5206\u5272\u6210\u6570\u636e\u5305\u6570\u76ee\u76f8\u540c\u7684\u591a\u4e2a\u6587\u4ef6<\/p>\n
$ editcap -c (packets -per-[file]) (input -pcap-[file])(output -prefix)<\/pre>\n
\u8f93\u51fa\u7684\u6bcf\u4e2a\u6587\u4ef6\u6709\u76f8\u540c\u7684\u5305\u6570\u91cf\uff0c\u4ee5 < output-prefix >-NNNN\u7684\u5f62\u5f0f\u547d\u540d\u3002\u4ee5\u65f6\u95f4\u95f4\u9694\u5206\u5272 pcap \u6587\u4ef6<\/p>\n
$ editcap -i (seconds -per-[file]) (input-pcap-[file]) (output-prefix)<\/pre>\n<\/p>\n
\u5408\u5e76 pcap \u6587\u4ef6<\/strong><\/div>\n
\n\u5982\u679c\u60f3\u8981\u5c06\u591a\u4e2a\u6587\u4ef6\u5408\u5e76\u6210\u4e00\u4e2a\uff0c\u7528 mergecap \u5c31\u5f88\u65b9\u4fbf\u3002\u5f53\u5408\u5e76\u591a\u4e2a\u6587\u4ef6\u65f6\uff0cmergecap \u9ed8\u8ba4\u5c06\u5185\u90e8\u7684\u6570\u636e\u5305\u4ee5\u65f6\u95f4\u5148\u540e\u6765\u6392\u5e8f\u3002<\/p>\n
$ mergecap -w output.pcap input.pcap input2.pcap [input3.pcap . . .]<\/pre>\n
\u5982\u679c\u8981\u5ffd\u7565\u65f6\u95f4\u6233\uff0c\u4ec5\u4ec5\u60f3\u4ee5\u547d\u4ee4\u884c\u4e2d\u7684\u987a\u5e8f\u6765\u5408\u5e76\u6587\u4ef6\uff0c\u90a3\u4e48\u4f7f\u7528 -a \u9009\u9879\u5373\u53ef\u3002\u4f8b\u5982\uff0c\u4e0b\u5217\u547d\u4ee4\u4f1a\u5c06 input.pcap \u6587\u4ef6\u7684\u5185\u5bb9\u5199\u5165\u5230 output.pcap, \u5e76\u4e14\u5c06 input2.pcap \u7684\u5185\u5bb9\u8ffd\u52a0\u5728\u540e\u9762\u3002<\/p>\n
$ mergecap -a -w output.pcap input.pcap input2.pcap <\/pre>\n<\/p>\n
\u603b\u7ed3<\/strong><\/div>\n
\u5728\u8fd9\u7bc7\u6307\u5bfc\u4e2d\uff0c\u6211\u6f14\u793a\u4e86\u591a\u4e2a editcap\u3001 mergecap \u64cd\u4f5c pcap \u6587\u4ef6\u7684\u4f8b\u5b50\u3002\u9664\u6b64\u4e4b\u5916\uff0c\u8fd8\u6709\u5176\u5b83\u7684\u76f8\u5173\u5de5\u5177\uff0c\u5982 reordercap\u7528\u4e8e\u5c06\u6570\u636e\u5305\u91cd\u65b0\u6392\u5e8f\uff0ctext2pcap \u7528\u4e8e\u5c06 pcap \u6587\u4ef6\u8f6c\u6362\u4e3a\u6587\u672c\u683c\u5f0f\uff0c pcap-diff\u7528\u4e8e\u6bd4\u8f83 pcap \u6587\u4ef6\u7684\u5f02\u540c\uff0c\u7b49\u7b49\u3002\u5f53\u8fdb\u884c\u7f51\u7edc\u5165\u4fb5\u6d4b\u8bd5\u53ca\u89e3\u51b3\u7f51\u7edc\u95ee\u9898\u65f6\uff0c\u8fd9\u4e9b\u5de5\u5177\u4e0e\u5305\u6ce8\u5165\u5de5\u5177\u975e\u5e38\u5b9e\u7528\uff0c\u6240\u4ee5\u6700\u597d\u4e86\u89e3\u4ed6\u4eec\u3002<\/p>\n
\n
via: http:\/\/xmodulo.com\/filter-split-merge-pcap-linux.html<\/a>
\n\u4f5c\u8005\uff1aDan Nanni \u8bd1\u8005\uff1aSPccman \u6821\u5bf9\uff1awxy
\n\u672c\u6587\u7531 LCTT<\/a> \u539f\u521b\u7ffb\u8bd1\uff0c Linux\u4e2d\u56fd<\/a> \u8363\u8a89\u63a8\u51fa<\/p>\n
\n
\u539f\u6587\u6765\u81ea\uff1a https:\/\/linux.cn\/article-4762-1.html<\/a><\/p>\n
\u672c\u6587\u5730\u5740\uff1a http:\/\/lrxjmw.cn\/linux-pcap-file.html<\/a>\u7f16\u8f91\uff1a\u5f20@\u5b87\uff0c\u5ba1\u6838\u5458\uff1a\u9004\u589e\u5b9d<\/span><\/p>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"
\u5bfc\u8bfb \u5982\u679c\u4f60\u662f\u4e00\u4e2a\u6d4b\u8bd5\u5165\u4fb5\u4fa6\u6d4b\u7cfb\u7edf\u6216\u4e00\u4e9b\u7f51\u7edc\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\u7684\u7f51\u7edc\u7ba1\u7406\u5458\uff0c\u90a3\u4e48\u4f60\u7ecf\u5e38\u9700\u8981\u6293\u53d6\u6570\u636e\u5305\u5e76\u5728\u79bb\u7ebf\u72b6\u6001\u4e0b\u5206 […]<\/p>\n","protected":false},"author":310,"featured_media":90181,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[55],"tags":[],"class_list":["post-90170","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-thread"],"acf":[],"_links":{"self":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/90170","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/users\/310"}],"replies":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/comments?post=90170"}],"version-history":[{"count":17,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/90170\/revisions"}],"predecessor-version":[{"id":290234,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/90170\/revisions\/290234"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/media\/90181"}],"wp:attachment":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/media?parent=90170"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/categories?post=90170"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/tags?post=90170"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}