监视网络来往包,纪录收到的包,需要pcap支持,可工作在windows和linux下。
可根据对方端口和ip来过滤,过滤方式有包含和不包含两种方式可选,纪录方式有裸数据、流量和文本。
本程序可用来做端口流量统计,或者详细的web请求日志,用于事后分析。
用法:
pstat [-f
[-v] [-x ] [-C] [-p] [-w] [-B
Options:
[--interface|-i]
| or pcap file path
[--data-dir|-d]
| Default: data
[--daemon|-e] | Daemonize pstat
[--dump-timeline|-C] | Enable timeline dump.
[--pid|-G]
[--kill|-k] | Kill Daemon
[--packet-filter|-B]
[--snaplen|-s]
[--output-mode|-A]
| bit 0(1) - set 1 to Enable detail file output(default 1)
| bit 1(2) - set 1 to Enable minute sum output(default 0)
| bit 2(4) - set 1 to Enable raw data output(default 0)
[--local-networks|-m]
[--filter-ip|-c]
[--host-mode|-w] | treat filter ip to C class net(default no)
[--filter-port|-p] | add port into list to be watch,16 max can be added
[--block-mode|-n] | how to used port and ip list, block mod is 1, pass mode is 0:
| bit 0(1) - port list mode (default 0 )
| bit 1(2) - ip list mode (default 1)
[--rid-line|-x]
[--defaults-file|-f]
[--verbose|-v] | Verbose tracing
[--help|-h] | Help
