1. Installing Wireshark with yum
# yum -y install epel-release
# yum -y install wireshark
The version this installs is far too old.
2. Building Wireshark from source
Index of /pub/wireshark/src/
http://ftp.uni-kl.de/pub/wireshark/src/
http://ftp.uni-kl.de/pub/wireshark/src/all-versions/
The tshark shipped in the CentOS yum repositories is very old; we need a newer tshark, so we build it from source. Install the build dependencies first:
# yum -y install cmake3 cmake glib2-devel libpcap libpcap-devel libgcrypt-devel qt-devel qt5-qtbase-devel qt5-linguist qt5-qtmultimedia-devel qt5-qtsvg-devel libcap-devel libcap-ng-devel gnutls-devel krb5-devel libxml2-devel lua-devel lz4-devel snappy-devel spandsp-devel libssh2-devel bcg729-devel libmaxminddb-devel sbc-devel libsmi-devel libnl3-devel libnghttp2-devel libssh-devel c-ares-devel redhat-rpm-config rpm-build gtk+-devel gtk3-devel desktop-file-utils portaudio-devel rubygem-asciidoctor docbook5-style-xsl docbook-style-xsl systemd-devel python34 git gcc gcc-c++ flex bison doxygen gettext-devel libxslt
# wget -c http://ftp.uni-kl.de/pub/wireshark/src/all-versions/wireshark-3.2.3.tar.xz
# tar -xvf wireshark-3.2.3.tar.xz
# cd wireshark-3.2.3
# cmake3 .
# make -i -j 16
# make install
# tshark -v
I have used this for a long time to compute all kinds of response times from packet captures, at the point where the application's own logs can no longer be trusted.
Grouped statistics by URL and time bucket (the `-T fields` output is tab-separated, so the first awk splits on tabs; this keeps http.time in column 9 even though http.request.full_uri is empty on response frames, which whitespace splitting would otherwise silently collapse):
# tshark -r file.pcap -Y 'http.time>0' -T fields -e frame.number -e frame.time_epoch -e frame.time_delta_displayed -e ip.src -e ip.dst -e tcp.stream -e http.request.full_uri -e http.response_for.uri -e http.time | awk -F'\t' '{ print int($2/10), $9 }' | awk '{ sum[$1]+=$2; count[$1]+=1 ;} END { for (key in count) { printf "time= %s \t count=%s \t avg=%.6f \n", key, count[key], sum[key]/count[key] } }' | sort -k2n | gawk '{ print strftime("%c",$2*10), $0 }'
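As an added example (not from the original post), the function below re-implements the aggregation stage over tshark's tab-separated field output, grouping by both the 10-second bucket and the response URI and reporting count, average and maximum http.time per group. The sample lines are constructed, and the svc.example hosts and the bucket_http_times name are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: aggregate tshark "-T fields" output
# by time bucket AND response URI. Splitting strictly on tabs keeps http.time in
# column 9 even though http.request.full_uri (column 7) is empty on response
# frames, which default whitespace splitting would silently collapse.
#
# Expected columns, same order as the tshark command above:
#   1 frame.number  2 frame.time_epoch  3 frame.time_delta_displayed  4 ip.src
#   5 ip.dst  6 tcp.stream  7 http.request.full_uri  8 http.response_for.uri
#   9 http.time

# Usage: tshark -r file.pcap -Y 'http.time>0' -T fields ... | bucket_http_times 10
bucket_http_times() {
    awk -F'\t' -v width="${1:-10}" '
        $9 > 0 {
            key = int($2 / width) "\t" $8          # bucket index + URI
            sum[key] += $9
            count[key]++
            if (!(key in max) || $9 > max[key]) max[key] = $9
        }
        END {
            for (k in count) {
                split(k, p, "\t")
                # emit the bucket as its epoch start so it can be fed to date/strftime
                printf "%d\t%s\tcount=%d\tavg=%.6f\tmax=%.6f\n",
                       p[1] * width, p[2], count[k], sum[k] / count[k], max[k]
            }
        }' | sort -k1,1n -k2,2
}

# Constructed sample of tshark output: three response frames across two buckets.
# Column 7 is intentionally empty, as it is on real response frames.
SAMPLE=$(printf '101\t1600000001.5\t0.01\t10.0.0.2\t10.0.0.1\t3\t\thttp://svc.example/api/a\t0.120\n102\t1600000004.0\t0.02\t10.0.0.2\t10.0.0.1\t4\t\thttp://svc.example/api/a\t0.180\n103\t1600000012.7\t0.03\t10.0.0.2\t10.0.0.1\t5\t\thttp://svc.example/api/b\t0.050\n')

printf '%s\n' "$SAMPLE" | bucket_http_times 10
```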
3. References
Index of /pub/wireshark/src/
http://ftp.uni-kl.de/pub/wireshark/src/
http://ftp.uni-kl.de/pub/wireshark/src/all-versions/
plantegg
https://plantegg.github.io