On Wed, 19 Nov 2008, Michael Monte wrote:
> Is there any way in tshark to do something like the follow TCP stream in
> wireshark? Or even be able to output the packets in their reassembled
> order to a file. It seems even with the preference settings in
> ~/.wireshark/preference being what they should be, the packet data
> is not output in its reassembled order.

I used a program called tcpflow to do just this thing; it took an
input file and gave you a series of files pulled from the traffic.
I had one minor issue, which was that tcpflow added a single extra
leading byte to each file; but it was pretty simple to pull that extra
byte off.
-------Patrick M Geahan----pmgeahan@xxxxxxxxxxxxxx---ICQ:3784715------
"You know, this is how the sum total of human knowledge is increased.
Not with idle speculation and meaningless chatter, but with a
medium-sized hammer and some free time." - spam.sc@xxxxxxxxx, a.f.c-a
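
A sketch of the per-flow reassembly discussed in this thread, as an added example that is not part of the original messages and is not tcpflow's or tshark's code. It assumes a classic pcap file (not pcapng) with Ethernet framing and unfragmented IPv4; the function names and the sample capture are constructed for illustration.

```python
import struct

def reassemble(pcap):
    """Return {(src, sport, dst, dport): bytes}, one entry per TCP direction."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    segs, off = {}, 24                            # flow -> {seq: payload}
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                              # keep IPv4/TCP only
        ip = frame[14:]
        tcp = ip[(ip[0] & 0x0F) * 4:struct.unpack(">H", ip[2:4])[0]]
        if len(tcp) < 20:
            continue
        sport, dport, seq = struct.unpack(">HHI", tcp[:8])
        payload = tcp[(tcp[12] >> 4) * 4:]
        if payload:
            flow = (".".join(map(str, ip[12:16])), sport,
                    ".".join(map(str, ip[16:20])), dport)
            segs.setdefault(flow, {}).setdefault(seq, payload)  # drop exact retransmits
    return {flow: _join(s) for flow, s in segs.items()}

def _join(s):
    """Concatenate one direction's segments in sequence order, trimming overlap."""
    base = next(iter(s))                          # first sequence number seen
    rel = lambda q: ((q - base + 2**31) % 2**32) - 2**31   # wraparound-safe offset
    out, nxt = bytearray(), None
    for q in sorted(s, key=rel):
        start = rel(q)
        nxt = start if nxt is None else nxt
        if start + len(s[q]) > nxt:               # skip bytes already written
            out += s[q][max(0, nxt - start):]     # a gap (start > nxt) is closed silently
            nxt = start + len(s[q])
    return bytes(out)

def sample_pcap():
    """Constructed capture: one flow, segments out of order, overlapping, repeated."""
    def pkt(seq, data):
        tcp = struct.pack(">HHIIBBHHH", 40000, 80, seq, 0, 0x50, 0x18, 8192, 0, 0) + data
        ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
        frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return (head + pkt(0, b"/ind") + pkt(0xFFFFFFFC, b"GET ")
            + pkt(2, b"ndex") + pkt(0, b"/ind"))
```

Calling `reassemble(sample_pcap())` returns one flow whose payload is in stream order even though the capture records it out of order and across a sequence-number wrap. Missing segments are not marked in the output, so a lossy capture yields a shorter stream rather than an error.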