Discussion:
"Follow tcp stream" in tshark
Dario Lombardo
2014-07-21 07:42:30 UTC
Hi list
I'd like to use the Wireshark "follow tcp stream" functionality in
tshark. What I would like to obtain is a way to automatically (for
that I can't use Wireshark) extract the data stream from a bunch of
packets from a capture file.

If I run

cat FILE | nc HOST PORT

I'd like to reconstruct FILE from the capture.

Is there a way to achieve this in tshark?
Thanks
Dario.
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users-IZ8446WsY0/***@public.gmane.org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request-IZ8446WsY0/***@public.gmane.org?subject=unsubscribe
Jeff Morriss
2014-07-23 19:25:09 UTC
Post by Dario Lombardo
> Hi list
> I'd like to use the wireshark "follow tcp stream" functionality in
> tshark. What I would like to obtain is a way to automatically (for
> that I can't use wireshark) extract data stream from a bunch of
> packets from a capture file.
> If I run
> cat FILE | nc HOST PORT
> I'd like to reconstruct FILE from capture.
> Is there a way to achieve this in tshark?

According to the tshark(1) man page "follow tcp stream" is available by
using this option:

-z follow,prot,mode,filter[,range]

It appears this option is present at least as far back as the 1.10.x
releases.

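One way to rebuild FILE from the `-z follow` output discussed in this thread, as an added example that is not part of the original messages. It assumes `raw` mode (one hex-encoded payload chunk per line, with lines from the second node prefixed by a tab), a stream index used as the filter, and that Node 0 is the side that ran `cat FILE | nc HOST PORT`; the script arguments and the sample report are constructed for illustration.

```python
import re
import subprocess
import sys

# One payload chunk per line, hex-encoded; a leading tab marks data from Node 1.
HEX_LINE = re.compile(r"(\t?)((?:[0-9a-fA-F]{2})+)")

def parse_follow_raw(report):
    """Split a `-z follow,tcp,raw,...` report into (node0_bytes, node1_bytes)."""
    streams = (bytearray(), bytearray())
    for line in report.splitlines():
        m = HEX_LINE.fullmatch(line)
        if m is None:
            continue  # '=====' rulers and "Follow:/Filter:/Node N:" headers
        streams[1 if m.group(1) else 0].extend(bytes.fromhex(m.group(2)))
    return bytes(streams[0]), bytes(streams[1])

def follow_stream(pcap, index=0):
    """Run tshark on `pcap` and return both directions of TCP stream `index`."""
    cmd = ["tshark", "-r", pcap, "-q", "-z", f"follow,tcp,raw,{index}"]
    done = subprocess.run(cmd, capture_output=True, text=True, check=True)
    return parse_follow_raw(done.stdout)

# Constructed sample report (not real capture output): the client (Node 0) sends
# a file in two segments and the server (Node 1) answers once in between.
SAMPLE = "\n".join([
    "=" * 67,
    "Follow: tcp,raw",
    "Filter: tcp.stream eq 0",
    "Node 0: 192.0.2.10:40000",
    "Node 1: 192.0.2.20:9000",
    "66697273742068616c660a",
    "\t6f6b0a",
    "7365636f6e642068616c660a",
    "=" * 67,
])

if __name__ == "__main__":
    if len(sys.argv) == 3:          # usage: script.py capture.pcap rebuilt_file
        sent, _ = follow_stream(sys.argv[1])
        with open(sys.argv[2], "wb") as fh:
            fh.write(sent)
    else:
        print(parse_follow_raw(SAMPLE))
```

Comparing a hash of the rebuilt file with the original FILE confirms that the capture held the complete stream.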