Tshark批量导出http内容

tshark -r attack.pcap -Y "ip.addr == 192.168.144.166 && tcp.port == 7001 && http" -T fields -e http.file_data > detail.html

-r attack.pcap # 文件
-Y "ip.addr == 192.168.144.166 && tcp.port == 7001 && http" # 过滤条件
-T fields -e http.file_data # 输出指定的项目