Wireshark · Wireshark-users: Re: [Wireshark-users] "Follow tcp stream" in tshark

Wireshark-users: Re: [Wireshark-users] "Follow tcp stream" in tshark

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>

Date: Wed, 23 Jul 2014 15:25:09 -0400

On 07/21/14 03:42, Dario Lombardo wrote:

Hi list
I'd like to use the wireshark "follow tcp stream" functionality in
tshark. What I would like to obtain is a way to automatically (for
that I can't use wireshark) extract data stream from a bunch of
packets from a capture file.

If I run

cat FILE | nc HOST PORT

I'd like to reconstruct FILE from capture.

Is there a way to achieve this in tshark?

According to the tshark(1) man page "follow tcp stream" is available byusing this option:


           -z follow,prot,mode,filter[,range]

It appears this option is present at least as far back as the 1.10.xreleases.

References:
- [Wireshark-users] "Follow tcp stream" in tshark
  - From: Dario Lombardo

Prev by Date: Re: [Wireshark-users] Heartbleed pcap
Next by Date: [Wireshark-users] Wireshark 1.12.0rc3 for OS X 64bits is not really 64 bits ?
Previous by thread: [Wireshark-users] "Follow tcp stream" in tshark
Next by thread: [Wireshark-users] Force Wireshark to decode part of Data as another protocol
Index(es):
- Date
- Thread