I did some googling and found a mail thread where someone was looking to
have Wireshark perform TCP re-assembly directly so that they could then
write a script to process the assembled code.
I'm looking for something like this as well.
In the thread, there was mention of constructing a "tap" to do this. It
looks like this might use something called "Lua". There are some
examples in the docs, but there's not enough explanation for me to make
sense of it or how to use it.
Anyone familiar with how to do this?
I'm really looking to parse the packets via net:pcap; I'm not sure if
Lua would change the pcap content that I would then access via net:pcap
or if there's a way in net:pcap to do what I want. I'm trying to avoid
writing the code to perform TCP re-assembly on captured files.
Thanks