On Sat, 25 Oct 2008, brian.r.kneebone@xxxxxxxxxx wrote:
Hi There,
I received some CAP files to analyse. I'm comfortable with filtering
the traffic I want and following streams and dumping out to raw files,
but is there any way with a filter that I can have Wireshark to dump all
streams out to individual raw files? In my case, I have a bazillion of
these files and doing it manually isn't practical. Once they're dumped
I have another script ready to do some magic on them and analyse for
errors. Much appreciated.

Linux-specific answer ahead.
I recently had to solve the same problem; in my case, I used a
tool called tcpflow (http://www.circlemud.org/~jelson/software/tcpflow/).
I did run into one minor issue with tcpflow, namely that it added
one byte to the beginning of all of the raw files. This may perhaps
be a particular fluke of the method I've been using to analyze the
files, which started out as packeteer format before I converted
to pcap. dcfldd did an excellent job of removing that first byte.
-------Patrick M Geahan----pmgeahan@xxxxxxxxxxxxxx---ICQ:3784715------
"You know, this is how the sum total of human knowledge is increased.
Not with idle speculation and meaningless chatter, but with a
medium-sized hammer and some free time." - spam.sc@xxxxxxxxx, a.f.c-a
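
Added example, not part of the original thread and not tcpflow's code: a standard-library Python sketch of the per-stream dump asked about above, writing one raw file per TCP flow direction. It assumes classic pcap files with Ethernet/IPv4 framing; the function names, output file naming and the sample capture are constructed for illustration.

```python
import struct
from collections import defaultdict
from pathlib import Path

def split_tcp_flows(pcap):
    """Map (src, sport, dst, dport) -> payload; seq wraparound/overlaps not handled."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic (non-pcapng) pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    segments = defaultdict(dict)              # flow -> {sequence number: payload}
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                          # skip anything that is not IPv4/TCP
        ihl = (frame[14] & 0x0F) * 4
        ip = frame[14:14 + struct.unpack("!H", frame[16:18])[0]]  # drops Ethernet padding
        if len(ip) < ihl + 20:
            continue                          # truncated by the snap length
        sport, dport, seq = struct.unpack("!HHI", ip[ihl:ihl + 8])
        payload = ip[ihl + (ip[ihl + 12] >> 4) * 4:]
        if payload:
            flow = (".".join(map(str, ip[12:16])), sport,
                    ".".join(map(str, ip[16:20])), dport)
            segments[flow].setdefault(seq, payload)   # first copy of a retransmit wins
    return {f: b"".join(s[k] for k in sorted(s)) for f, s in segments.items()}

def dump_flows(pcap_path, out_dir):
    """Write one raw file per flow direction; return how many were written."""
    flows = split_tcp_flows(Path(pcap_path).read_bytes())
    Path(out_dir).mkdir(parents=True, exist_ok=True)
    for (src, sport, dst, dport), data in flows.items():
        Path(out_dir, f"{src}.{sport}-{dst}.{dport}.raw").write_bytes(data)
    return len(flows)

def sample_pcap():
    """Constructed capture: two out-of-order segments plus one retransmit."""
    def pkt(seq, data):
        tcp = struct.pack("!HHIIBBHHH", 40000, 80, seq, 0, 0x50, 0x18, 8192, 0, 0) + data
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + tcp
        frame = b"\x00" * 12 + b"\x08\x00" + ip
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + pkt(1006, b"world") + pkt(1000, b"hello ") + pkt(1000, b"hello ")
```

Calling dump_flows on each capture in a loop covers the many-files case; comparing the first bytes of an output file with the same stream followed in Wireshark is a quick way to check for a stray leading byte like the one described above.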