Wireshark-users: Re: [Wireshark-users] use tshark to search for hex or ASCII string in packet?

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Martin Mathieson" <martin.r.mathieson@xxxxxxxxxxxxxx>
Date: Thu, 10 Jan 2008 16:13:31 +0000


On Jan 10, 2008 4:07 PM, Sake Blok <sake@xxxxxxxxxx> wrote:
On Thu, Jan 10, 2008 at 03:42:15PM +0000, Martin Mathieson wrote:
> On Jan 10, 2008 3:38 PM, Martin Mathieson <martin.r.mathieson@xxxxxxxxxxxxxx >
> wrote:
> > >
> > > How'bout:
> > >
> > > tshark -r <capture-file> -T fields -e frame.time -e data |\
> > >  grep `echo -n "<ascii-string>" | xxd -p` |\
> > >  cut -f 1
> > >
> > > Hex-conversion on the fly and resulting in only the timestamps ;-)
> >
> > Now I know why you're presenting "Advanced Scripting and Command Line
> > Usage with tshark and Related Utilities" at Sharkfest next year :)
>
> This year, I mean.

:-)

Are you coming too?

Cheers,
   Sake

Yes, really looking forward to it!

Martin