export from one field of packets
Hello Sorry, my English is not good I wanted to know if there is a way to output only a specific field of a large number of packets in a file format?
1 Answer
- Sort by
oldest newest most voted
0
tshark is good for exporting fields:
~$ tshark -r ./output.pcap -T fields -e frame.number -e tcp.flags.str -Y tcp.flags.str 50 ·······A···F 51 ·······AP··· 52 ·······AP··· 53 ·······A···· ...
Adding the -Y option with the field name prevents printing blank lines for frames that don't include the field.
Your Answer
Please start posting anonymously - your entry will be published after you log in or create a new account.
This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.
Comments