Like the title says, I am wondering how I can output tshark(wireshark command line) packets directly to my c# application.
就像标题所说,我想知道如何将tshark(wireshark命令行)数据包直接输出到我的c#应用程序。
I would like to output the packets so I can process the individual packets in my application.
我想输出数据包,以便我可以在我的应用程序中处理各个数据包。
For instance redirect output, and add a callback to handle each packet and then process each individual packet.
例如,重定向输出,并添加回调来处理每个数据包,然后处理每个数据包。
Could anyone with similar experience or even any idea how to do this help me out? It would be very appreciated.
任何有相似经验甚至任何想法如何做到这一点的人都可以帮助我吗?非常感谢。
1 个解决方案
#1
0
You can use the -l option of tshark. From the documentation:
您可以使用tshark的-l选项。从文档:
-l
[....]
This may be useful when piping the output of TShark to another program, as it means that the program to which the output is piped will see the dissected data for a packet as soon as TShark sees the packet and generates that output, rather than seeing it only when the standard output buffer containing that data fills up.
当将TShark的输出传递给另一个程序时,这可能很有用,因为这意味着输出管道输出的程序将在TShark看到数据包并生成输出后立即看到数据包的解剖数据,而不是看到它仅当包含该数据的标准输出缓冲区填满时。
#1
0
You can use the -l option of tshark. From the documentation:
您可以使用tshark的-l选项。从文档:
-l
[....]
This may be useful when piping the output of TShark to another program, as it means that the program to which the output is piped will see the dissected data for a packet as soon as TShark sees the packet and generates that output, rather than seeing it only when the standard output buffer containing that data fills up.
当将TShark的输出传递给另一个程序时,这可能很有用,因为这意味着输出管道输出的程序将在TShark看到数据包并生成输出后立即看到数据包的解剖数据,而不是看到它仅当包含该数据的标准输出缓冲区填满时。