Greetings,
I am trying to extract the TCP Payload from reassembled TCP streams. The data I am interested in can be found in tshark output when -x option is used. When -x is used, the section/filed is called "Reassembled TCP". I can not find an option or field in tshark to print or output this section. In short I am trying to do the same thing tcpflow does in Linux and dump the payload of reassembled TCP streams. There is no particular reason why I am using tshark since it is the only tool(win32) I have found so far but I am open to suggestions. Thank you in advance.
AG