Revision history [back]
Comparing TShark & Wireshark "Follow Stream"
When I compare the output of this command,
& 'C:\Program Files\Wireshark\tshark.exe' -nr 'D:\pcap\test\output_0932.pcap' -z follow,tcp,raw,0 -Y tcp -w tshark.dat | Out-Null
which I believe should be the equivalent of "follow TCP stream" in the Wireshark GUI I get different outputs.
The TShark output is more or less the same, but there is more (a TShark header at the top is one example).
Is there anyway to get exactly the same output?
The GUI gives me what I want, but I would like to script the process using TShark.
Thanks!
Comparing TShark & Wireshark "Follow Stream"
When I compare the output of this command,
& 'C:\Program Files\Wireshark\tshark.exe' -nr 'D:\pcap\test\output_0932.pcap' -z follow,tcp,raw,0 -Y tcp -w tshark.dat | Out-Null
which I believe should be the equivalent of "follow TCP stream" in the Wireshark GUI I get different outputs.
The TShark output is more or less the same, but there is more (a TShark header at the top is one for example).
Is there anyway to get exactly the same output?
The GUI gives me what I want, but I would like to script the process using TShark.
Thanks!
Comparing TShark & Wireshark "Follow Stream"
When I compare the output of this command,
& 'C:\Program Files\Wireshark\tshark.exe' -nr 'D:\pcap\test\output_0932.pcap' -z follow,tcp,raw,0 follow,tcp,ascii,0 -Y tcp -w tshark.dat tshark.ascii.dat | Out-Null
which I believe should be the equivalent of "follow TCP stream" in the Wireshark GUI I get different outputs.
The TShark output is more or less the same, but there is more (a TShark header at the top for example).
Is there anyway to get exactly the same output?
The GUI gives me what I want, but I would like to script the process using TShark.
Thanks!