Contents
Differences
tcpdump vs. Wireshark
tshark vs. dumpcap performance
References
The relationship between the tools is roughly as follows:
libpcap => tcpdump
libpcap => dumpcap => tshark / Wireshark
tcpdump and dumpcap are both thin wrappers around libpcap, independent of each other (tcpdump does not use dumpcap). dumpcap is the capture engine behind tshark and Wireshark, and tshark is the command-line counterpart of the Wireshark GUI, sharing the same protocol dissectors.
Differences
Wireshark – a powerful sniffer with a GUI; it dissects a large number of protocols and supports rich capture and display filters.
tshark – the command-line version of Wireshark, using the same dissectors.
dumpcap (part of Wireshark) – can only capture traffic; it runs no dissectors and is the capture back end used by Wireshark and tshark.
Note: because it does not dissect anything, dumpcap needs far less memory (and CPU) than tshark for the same capture.
tcpdump – limited protocol decoding, but available on most *NIX platforms.
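To make the capture-only vs. decode split concrete, the following is an added example written for this page (it is not code from the page's sources, from Wireshark or from tcpdump). It writes a two-frame capture in the classic libpcap file format that `tcpdump -w` and `dumpcap -w` produce, reads it back, and then dissects Ethernet/IPv4/UDP/DNS the way a tshark dissector would, extracting query names from only the DNS frames. Everything in it is constructed for the example: the function names, the 192.0.2.0/24 documentation addresses, the invented MAC addresses, the timestamps and the NTP filler packet.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4   # classic libpcap magic (microsecond timestamps)
LINKTYPE_ETHERNET = 1

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement sum; a header whose checksum field is filled in folds to 0."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_udp_frame(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Ethernet/IPv4/UDP frame (constructed sample; the MAC addresses are invented)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload  # UDP checksum 0 = omitted
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(int(o) for o in src_ip.split(".")), bytes(int(o) for o in dst_ip.split(".")))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]   # fill in the header checksum
    return eth + ip + udp

def build_dns_query(qname: str, txid: int = 0x1234) -> bytes:
    """Standard DNS A query for qname (constructed sample)."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.split("."))
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!HH", 1, 1)

# --- capture side: the libpcap file format that `tcpdump -w` and `dumpcap -w` produce ---
def write_pcap(records, snaplen: int = 65535) -> bytes:
    """records: (ts_sec, ts_usec, frame) tuples. Only timestamps and raw bytes are stored."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)]
    for ts_sec, ts_usec, frame in records:
        out.append(struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame)
    return b"".join(out)

def read_pcap(data: bytes):
    """Parse a libpcap file into [(ts_sec, ts_usec, frame)], detecting byte order from the magic."""
    endian = "<" if struct.unpack("<I", data[:4])[0] == PCAP_MAGIC else ">"
    if struct.unpack(endian + "I", data[:4])[0] != PCAP_MAGIC:
        raise ValueError("not a libpcap file (bad magic)")
    if struct.unpack(endian + "IHHiIII", data[:24])[6] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet (link type 1) captures are handled here")
    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        if off + incl_len > len(data):
            raise ValueError("truncated record")
        records.append((ts_sec, ts_usec, data[off:off + incl_len]))
        off += incl_len
    return records

# --- decode side: what tshark / Wireshark dissectors add on top of the raw capture ---
def parse_dns_qname(dns: bytes):
    """First question name of a DNS query, or None for responses and malformed messages."""
    if len(dns) < 12:
        return None
    flags, qdcount = struct.unpack("!HH", dns[2:6])
    if flags & 0x8000 or qdcount < 1:          # QR bit set = response; no question = nothing to read
        return None
    labels, off = [], 12
    while off < len(dns):
        n = dns[off]
        if n == 0:
            return ".".join(labels)
        if n & 0xC0 or off + 1 + n > len(dns):  # compression pointer or truncated label
            return None
        labels.append(dns[off + 1:off + 1 + n].decode("ascii", "replace"))
        off += 1 + n
    return None

def dissect_frame(frame: bytes):
    """Ethernet -> IPv4 -> UDP (-> DNS). Returns a dict of fields, or None if not IPv4/UDP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    ip_hdr = frame[14:14 + ihl]
    if len(ip_hdr) < 20 or ip_hdr[9] != 17 or ipv4_checksum(ip_hdr) != 0:
        return None                             # not UDP, or corrupt IPv4 header
    udp = frame[14 + ihl:]
    if len(udp) < 8:
        return None
    sport, dport, ulen = struct.unpack("!HHH", udp[:6])
    info = {"src": ".".join(map(str, ip_hdr[12:16])), "dst": ".".join(map(str, ip_hdr[16:20])),
            "sport": sport, "dport": dport, "payload": udp[8:ulen]}
    if dport == 53:
        info["qname"] = parse_dns_qname(info["payload"])
    return info

def dns_query_names(pcap: bytes):
    """Query names from DNS frames only, roughly what a display filter on dns.qry.name yields."""
    infos = (dissect_frame(frame) for _sec, _usec, frame in read_pcap(pcap))
    return [i["qname"] for i in infos if i and i.get("qname")]

def build_pcap_sample() -> bytes:
    """Constructed two-frame capture: one DNS query and one NTP packet the DNS filter must skip."""
    dns = build_udp_frame("192.0.2.10", "192.0.2.53", 53000, 53, build_dns_query("example.com"))
    ntp = build_udp_frame("192.0.2.10", "192.0.2.123", 40000, 123, b"\x1b" + b"\x00" * 47)
    return write_pcap([(1700000000, 0, dns), (1700000000, 1500, ntp)])
```

Writing the bytes from `build_pcap_sample()` to a file gives a capture that `tshark -r sample.pcap` or `tcpdump -r sample.pcap` will open, and `dns_query_names()` on the same bytes returns only `example.com`. The point of the split is visible in `write_pcap`: the capture layer stores nothing but timestamps and raw frames, and every interpretation above that (addresses, ports, query names, rejecting a frame with a bad IPv4 checksum) is the dissector's work. That per-packet work is exactly what dumpcap skips and tshark does, which is why the two differ so much in memory use and drop rate.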
tcpdump vs. Wireshark

| # | Wireshark | tcpdump |
|---|---|---|
| 1 | Graphical tool for capturing and inspecting packets. | Command-line packet capture tool. |
| 2 | Full packet analysis: dissects payloads, can decrypt them when the session keys are supplied (for example TLS with a key log file), and can reassemble and export transferred objects from protocols such as SMTP and HTTP. | Only basic decoding of such traffic, for example printing DNS queries. |
| 3 | Interactive interface: packet list, packet details and raw bytes panes, plus statistics and follow-stream views. | Conventional text output on the terminal, one line (or a hex dump) per packet. |
| 4 | Suited to complex filtering: BPF capture filters plus a display-filter language over every dissected field. | BPF capture filters only; suited to simple filters. |
| 5 | Protocol-aware dissection of the captured packets. | Far less decoding than Wireshark. |
tshark vs. dumpcap performance
Tony Fortunato ran a comparison and published the results on YouTube ("Wireshark tshark vs dumpcap"). The test covered captures at below 50% link utilization with frames of roughly 800 bytes. Both tshark and dumpcap started dropping packets as the traffic volume grew, but dumpcap held up somewhat better. That is what the architecture predicts: dumpcap only writes frames to disk, while tshark also runs its dissectors on every packet. The practical consequence is that for a capture you cannot afford to lose, capture with dumpcap (or tcpdump) to a file first, for example `dumpcap -i <interface> -w capture.pcapng`, and dissect the file afterwards with `tshark -r capture.pcapng` rather than capturing and dissecting in one tshark process.
References
https://techyrick.com/dumpcap/
tcpdump-vs-wireshark
Wireshark Packet Capture: Tshark Vs. Dumpcap
Original page: https://zblog.hqyman.cn/post/10273.html