You can do it easily:
mkdir -p /root/.config/wireshark
echo "cflow.ipfix.ports: 4739,4740" > /root/.config/wireshark/preferences
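tshark -n -i eth4 -c 1000 -Y "vlan"
But it stubbornly refuses to work, even though you are absolutely sure there is plenty of VLAN traffic there! With receive VLAN offload enabled, the NIC strips the 802.1Q tag in hardware, so turn it off:
ethtool -K eth4 rxvlan off
And that's that :)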
tshark -r ../raw_packets_data/ip_packet_with_telnet_to_22_port_with_dropbear_from_mac_os_el_capitan.pcap -V | grep Seq
    Sequence number: 0    (relative sequence number)
tshark -r ../raw_packets_data/ip_packet_with_telnet_to_22_port_with_dropbear_from_mac_os_el_capitan.pcap -V -o "tcp.relative_sequence_numbers: FALSE" | grep -i seq
Transmission Control Protocol, Src Port: 52500 (52500), Dst Port: ssh (22), Seq: 1133079759, Len: 0
    Sequence number: 1133079759
tshark: Lua: Error during loading:
[string "/usr/share/wireshark/init.lua"]:46: dofile has been disabled due to running Wireshark as superuser. See http://wiki.wireshark.org/CaptureSetup/CapturePrivileges for help in running Wireshark as an unprivileged user.
Running as user "root" and group "root". This could be dangerous.
sudo groupadd wireshark
sudo usermod -a -G wireshark your_username
# This command should be called without sudo!
newgrp wireshark
sudo chgrp wireshark /usr/bin/dumpcap
sudo chmod 750 /usr/bin/dumpcap
sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap
tshark -i sflow1 -n -c 1
Capturing on 'sflow1'
1 0.000000 xxx -> yyy TCP 64 34426 > 80 [ACK] Seq=1 Ack=1 Win=8712 Len=0
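A check for the dumpcap setup above, as an added example that is not part of the original post: it reports anything that differs from the owner, group, mode and capabilities those commands produce. The function name audit_dumpcap and the sample input are constructed for illustration; it assumes getcap prints a single capability clause.

```shell
#!/bin/sh
# Added example, not from the original post: audit what the chgrp / chmod 750 /
# setcap steps should have produced. Inputs are text, so saved output works too:
#   audit_dumpcap $(stat -c '%U %G %a' /usr/bin/dumpcap) "$(getcap /usr/bin/dumpcap)"
# Prints one finding per line; return status is the number of findings (0 = OK).
audit_dumpcap() {
    owner=$1 group=$2 mode=$3 capline=$4
    n=0
    finding() { echo "FINDING: $*"; n=$((n + 1)); }

    [ "$owner" = root ] || finding "owner is $owner, expected root"
    [ "$group" = wireshark ] || finding "group is $group, expected wireshark"
    case $mode in
        *0) ;;  # "other" digit 0: only owner and group can run dumpcap
        *) finding "mode $mode gives users outside the group access" ;;
    esac
    case $mode in
        [4567]???) finding "mode $mode has the setuid bit: dumpcap would run as root" ;;
    esac

    # getcap prints "FILE = caps+eip" (older libcap) or "FILE caps=eip" (newer).
    # Assumption: one capability clause; the last field holds it in both formats.
    clause=${capline##* }
    names=${clause%%[+=]*}
    flags=${clause##*[+=]}
    [ "$flags" = "$clause" ] && flags=   # no +/= separator: no flags at all
    has_raw=no has_admin=no
    old_ifs=$IFS; IFS=,
    for cap in $names; do
        case $cap in
            cap_net_raw) has_raw=yes ;;
            cap_net_admin) has_admin=yes ;;
            *) finding "unexpected capability $cap" ;;
        esac
    done
    IFS=$old_ifs
    [ "$has_raw" = yes ] || finding "cap_net_raw missing"
    [ "$has_admin" = yes ] || finding "cap_net_admin missing"
    if [ -n "$names" ]; then
        case $flags in
            *e*p*|*p*e*) ;;  # must be both effective and permitted
            *) finding "capability flags '$flags' lack e and/or p" ;;
        esac
    fi
    return "$n"
}

# Constructed sample: setuid root, world-executable, no file capabilities.
audit_dumpcap root root 4755 "" || echo "total findings: $?"
```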