1.
2.tshark -r 文件 读取流量包
3、tshark -r 文件 -Y“过滤条件” 显示过滤的内容 > 重定向到文件
4、-T fields -e 用来指定输出哪些字段
-T fields -e htpp.request.url 输出http.request.url
正则提取
import re
a=" "
b = re.match('/.*?,1\),(\d+).*?=(\d+)',a)
print b.group(1)
print b.group(2)
cout = 1
oldch =0
falg =""
b = re.match('/.*?,1\),(\d+).*?=(\d+)',a)
with open('2.txt','r') as f:
for x in f.readlines():
reg = re.match('/.*?,1\),(\d+).*?=(\d+)',x)
if (reg):
pos =int(reg.group(1))
nch = int(reg.group(2))
if pos > cont :
flag+=chr(oldh)
cout =pos
oldch = nch
else:
oldch = nch
print flag