Hi
I saw the following command, but it output only the layer 7 , so i am missing all the other packets
tshark -U "OSI layer 7" -2
The ip fragments, and tcp sequence are output in a good way ( packet are reassembled ) but I would also like to see the other packets
Perhaps to create a tap in code that will receive all packet that don't answer to OSI layer 7
Is there a way to save tshark output reassembled and also packet that didn't get into the "OSI layer 7".
if there are only eth->ip->tcp layers, the packet are not saved in output with this command