First time here? Check out the FAQ!

THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.

How to read a pcap file packet per packet

pcap
retag add tags

I want to read a pcap file packet per packet and I didn't figure out how to do this. For example, I want to take the first packet in the pcap apply the filter tls.record.length to read it TLS record length and if this length is equal to a value append it to a list. I want to do this with a script. Any help please?

alajeb

asked 2020-04-13 09:40:25 +0000

edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

Sort by

oldest

newest

most voted

Use tshark and supply options such as -T fields -e FieldYouWant1 -e FieldYouWant2 ... to give csv output. You can have as many -e fieldname arguments as you need. Note that if the field isn't present in a packet you will get a blank.

The output can be processed by the script language of your choice.

23.8k

grahamb

answered 2020-04-13 10:36:09 +0000

edit flag offensive 0 remove flag delete link

Comments

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer

How to read a pcap file packet per packet edit

Comments

1 Answer

Comments