Revision history [back]
how to get entire raw packets by using the tshark?
I couldn't find a way to extract all raw packets from a PCAP file.
there is something like:
tshark -r file.pcap -T fields -e frame.number -e data
however, it doesn't return the entire packet.
it should be something like:
tshark -T jsonraw -j "http tcp ip" -x -r file.pcap
however with only frame.raw output for each packet.
My desired out is (frame number and any format of the entire packets):
1 00a0c58fe3c7000c761c1b97080045000028939e40004006f9adc0a80121ccb21f08db2d023467a50f421c83f58350100993926d0000
2 08db2d023468fe3c7000c761c1b97080045000028939e40004006f9adc0a80121ccb21f08db2d023467a50f421c83f58350100993926d0000
....
how to get entire raw packets by using the tshark?
I couldn't find a way to extract all raw packets from a PCAP file.
there is something like:
tshark -r file.pcap -T fields -e frame.number -e data
however, it doesn't return the entire packet.
it should be something like:
tshark -T jsonraw -j "http tcp ip" -x -r file.pcap
however with only frame.raw output for each packet.
My desired out is (frame number and any format of the entire packets):
1 00a0c58fe3c7000c761c1b97080045000028939e40004006f9adc0a80121ccb21f08db2d023467a50f421c83f58350100993926d0000
2 08db2d023468fe3c7000c761c1b97080045000028939e40004006f9adc0a80121ccb21f08db2d023467a50f421c83f58350100993926d0000
....
how to get entire raw packets by using the tshark?
I couldn't find a way to extract all raw packets from a PCAP file.
there is something like:
tshark -r file.pcap -T fields -e frame.number -e data
however, it doesn't return the entire packet.
it should be something like:
tshark -T jsonraw -j "http tcp ip" -x -r file.pcap
however with only frame.raw output for each packet.
My desired out is (frame number and any format of the packets):
1 00a0c58fe3c7000c761c1b97080045000028939e40004006f9adc0a80121ccb21f08db2d023467a50f421c83f58350100993926d0000
2 08db2d023468fe3c7000c761c1b97080045000028939e40004006f9adc0a80121ccb21f08db2d023467a50f421c83f58350100993926d0000
....
how to get entire raw packets by using the tshark?
I couldn't find a way to extract all raw packets from a PCAP file.
there is something like:
tshark -r file.pcap -T fields -e frame.number -e data
however, it doesn't return the entire packet.
it should be something like:
tshark -T jsonraw -j "http tcp ip" -x -r file.pcap
however with only frame.raw output for each packet.