Monitors inbound and outbound network packets and records the packets it receives. Requires pcap support; runs on both Windows and Linux.
Packets can be filtered by the remote port and IP address. The filter works in either include or exclude mode, and records can be written as raw data, traffic counts, or text.
The program can be used for per-port traffic statistics or for detailed web request logs intended for after-the-fact analysis.
Usage: pstat [-f ] [-i ] [-d ] [-e] [-g ] [-n mode] [-i ] [-d ] [-v] [-x ] [-C] [-p] [-w] [-B ] [-A ] [-c ] [-s ]
Options:
  [--interface|-i]       Input interface name (numeric/symbolic) or pcap file path
  [--data-dir|-d]        Data directory (must be writable). Default: data
  [--daemon|-e]          Daemonize pstat
  [--dump-timeline|-C]   Enable timeline dump.
  [--pid|-G]             Pid file path
  [--kill|-k]            Kill daemon
  [--packet-filter|-B]   Ingress packet filter (BPF filter)
  [--snaplen|-s]         Capture length; if the length is less than 1 it is set to 128 (default: 128)
  [--output-mode|-A]     Set up the data output mode:
                           bit 0 (1) - set to 1 to enable detail file output (default 1)
                           bit 1 (2) - set to 1 to enable minute sum output (default 0)
                           bit 2 (4) - set to 1 to enable raw data output (default 0)
  [--local-networks|-m]  Local net IP (default: 192.168.1.2)
  [--filter-ip|-c]       Add an IP to be ignored; at most 16 can be added
  [--host-mode|-w]       Treat each filter IP as a class C network (default: no)
  [--filter-port|-p]     Add a port to the list to be watched; at most 16 can be added
  [--block-mode|-n]      How the port and IP lists are used; block mode is 1, pass mode is 0:
                           bit 0 (1) - port list mode (default 0)
                           bit 1 (2) - IP list mode (default 1)
  [--rid-line|-x]        Set to 1 to remove lines from content (default 0)
  [--defaults-file|-f]   Use the specified defaults file
  [--verbose|-v]         Verbose tracing
  [--help|-h]            Help
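The following is an added illustration, not pstat's own code, of how the -n block-mode bits, the -c/-p lists, -w host mode and the -A output-mode bits described above combine. It assumes the semantics stated in the option text (block mode discards list matches, pass mode keeps only list matches, the 16-entry limit) plus one assumption of its own: an empty list imposes no restriction.

```python
import ipaddress

MAX_LIST_ENTRIES = 16  # -c and -p each accept at most 16 entries


def output_mode_flags(mode: int) -> dict:
    """Decode the -A bitmask into the three documented outputs."""
    return {
        "detail": bool(mode & 1),      # bit 0: per-packet detail file
        "minute_sum": bool(mode & 2),  # bit 1: per-minute summary
        "raw": bool(mode & 4),         # bit 2: raw packet data
    }


def block_mode_flags(mode: int) -> dict:
    """Decode -n: bit 0 = port list, bit 1 = IP list; 1 = block, 0 = pass."""
    return {"port_block": bool(mode & 1), "ip_block": bool(mode & 2)}


def ip_in_list(ip: str, filter_ips, host_mode: bool) -> bool:
    """-w: in host mode each filter IP stands for its whole class C (/24)."""
    addr = ipaddress.IPv4Address(ip)
    for entry in filter_ips:
        if host_mode:
            if addr in ipaddress.IPv4Network(f"{entry}/24", strict=False):
                return True
        elif addr == ipaddress.IPv4Address(entry):
            return True
    return False


def should_record(remote_ip: str, remote_port: int, filter_ips=(), filter_ports=(),
                  block_mode: int = 2, host_mode: bool = False) -> bool:
    """Apply the -n/-c/-p/-w filter to one packet's remote endpoint.

    Assumption (not stated on the page): an empty list restricts nothing.
    """
    if len(filter_ips) > MAX_LIST_ENTRIES or len(filter_ports) > MAX_LIST_ENTRIES:
        raise ValueError("at most 16 IPs and 16 ports may be filtered")
    modes = block_mode_flags(block_mode)
    if filter_ports:
        hit = remote_port in filter_ports
        if hit == modes["port_block"]:  # block mode drops hits, pass mode drops misses
            return False
    if filter_ips:
        hit = ip_in_list(remote_ip, filter_ips, host_mode)
        if hit == modes["ip_block"]:
            return False
    return True
```

With the default -n value of 2 the port list acts as an allow list and the IP list as an ignore list, which is the combination the -c ("ignored") and -p ("watched") descriptions imply.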