Hello
I have read the post of Sake Blok [1] about automating tcp stream
extraction. The solution explained there uses multiple instances of
tshark and I would like to know if it's also possible to do this with
just one instance of tshark.
Instead of using the display filter, I thought I could just use -T
fields and then parse the ouput. The problem is that I also want to
use filters, such as tcp.analysis.retransmission [2] and their "Type"
is None, which means that tshark writes nothing in the concerning
column.
AFAIK there seems to be also no way to change the display filter while
tshark is running.
Regards Nils
[1] http://article.gmane.org/gmane.network.wireshark.user/2834/match=tshark+fields
[2] http://www.wireshark.org/docs/dfref/t/tcp.html