I need to scan through several hundred capture files and
pull out all of the 9 character ID’s on certain request packets.
I’m using the following tshark command: tshark
-r cfile0001.cap -R "data contains NETN" -Tfields -edata
However, I cannot find a way in tshark to get this to output
as text, only as a byte array. I’ve tried –edata-text-lines,
and various other things from the tshark man page, but so far no luck. I just need to display the
data as ascii text…….
Ideally, I would like to extract the ID’s that are at
a fixed byte offset.. I tried –edata[66:9] but this displayed only
blank lines……..
Any help would be much appreciated!
David