REM Stream a live capture from a remote host over SSH (PuTTY plink) into a local Wireshark.
REM Remote side: tcpdump on br-lan, no name resolution (-n), full-length packets (-s 0), raw pcap to stdout (-w -).
REM Local side: Wireshark reads the pcap stream from stdin (-i -) and starts capturing at once (-k).
REM "not port 22" keeps the SSH session that carries the capture out of the capture; any other
REM traffic on port 22 is excluded as well, which matters if the capture is used as evidence.
REM NOTE(review): -pw puts the password on the command line, where it ends up in process listings
REM and command history; key authentication (a private key file or Pageant) avoids that.
REM NOTE(review): -batch disables interactive prompts, so the server's host key has to be cached and
REM verified beforehand; plink abandons the connection otherwise.
REM "[email protected]" looks like a redacted user@host left by the page scraper; substitute the real login.
plink.exe -batch -ssh -pw password [email protected] "tcpdump -ni br-lan -s 0 -w - not port 22" | "C:\Program Files\Wireshark\Wireshark.exe" -k -i -
# Same live-capture pipeline with OpenSSH: the remote tcpdump streams pcap on stdout (-w -),
# the local wireshark reads it from stdin (-i -) and starts capturing immediately (-k).
# -U writes each packet out as soon as it is captured instead of waiting for the buffer to fill;
# -s0 captures full-length packets; INTERFACE is a placeholder for the remote interface name.
# 'not port 22' excludes the SSH transport itself, and with it any other SSH traffic on that port.
# "[email protected]" looks like a redacted user@host left by the page scraper; substitute the real login.
# NOTE(review): tcpdump needs capture privileges on the remote host; an account limited to packet
# capture is preferable to a general root login for this.
ssh [email protected] tcpdump -i INTERFACE -U -s0 -w - 'not port 22' | wireshark -k -i -
import dpkt
from dpkt.compat import compat_ord
import binascii
# Replacement address written into the output wherever emac is found
# (original note: MAC of the current computer).
bmac = bytes.fromhex('000000000000')
# Address searched for in the capture (original note: MAC of the capturing computer).
# NOTE(review): ff:ff:ff:ff:ff:ff is the Ethernet broadcast address, so both values look like
# placeholders to be replaced with real addresses before use.
emac = bytes.fromhex('ffffffffffff')

# Capture to read.
file_name1 = "./184.pcap"

# Rewritten capture; the handle stays open at module level and is shared with p() through pcapout.
fo = open("./fo.pcap", "wb")
pcapout = dpkt.pcap.Writer(fo)
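def p(file_name):
    """Copy the capture at *file_name* into ``pcapout``, replacing ``emac`` with ``bmac``.

    Each record is parsed as an Ethernet frame. A source or destination address equal to
    the module-level ``emac`` is replaced by the module-level ``bmac``, and the frame is
    written to the module-level ``pcapout`` writer with its original timestamp.

    Only the Ethernet header is rewritten. Copies of the address carried inside the payload
    (for example ARP hardware-address fields or the DHCP ``chaddr`` field) are left as
    captured, so this step alone does not remove the address from a capture that is going
    to be shared.

    Args:
        file_name: Path of the pcap file to read.
    """
    # Context manager so the input handle is released even if parsing fails part-way.
    with open(file_name, 'rb') as f:
        # NOTE(review): the capture's link type is not checked; every record is assumed
        # to be an Ethernet frame.
        for timestamp, buf in dpkt.pcap.Reader(f):
            eth = dpkt.ethernet.Ethernet(buf)
            src = bmac if eth.src == emac else eth.src
            dst = bmac if eth.dst == emac else eth.dst
            # The frame is rebuilt from these four fields only.
            # NOTE(review): anything else dpkt parsed out of the header (VLAN tags, for
            # instance) is presumably not carried over - confirm against real captures.
            rebuilt = dpkt.ethernet.Ethernet(src=src, dst=dst, type=eth.type, data=eth.data)
            pcapout.writepkt(rebuilt, ts=timestamp)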
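# Rewrite the input capture, then close the output file. The close sits in a finally
# clause so that packets already written are flushed to disk even if p() raises on a
# malformed or unreadable capture.
try:
    p(file_name1)
finally:
    fo.close()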