[GTALUG] Wireshark question -- script to extract data in TCP stream?

William Park opengeometry at yahoo.ca
Tue Sep 26 00:47:21 EDT 2017


To network experts...

From Wireshark, I can click "TCP Follow" tab and extract one-way data
flow from a tcp stream.  I can do this manually, one by one.  But, I
have many many streams.

Does anyone know how to extract one-way data stream via script?

Google says
    tshark -q -r capture.pcapng -z follow,tcp,raw,0
where '0' is the tcp stream number 0.  But, it gives me data moving both
ways.  I just want data moving one-way.
-- 
William Park <opengeometry at yahoo.ca>
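One way to script the one-way extraction asked about above, as an added example that is not part of the original post: in tshark's `follow` output the data sent by the second node (Node 1) is prefixed with a tab, so the two directions can be separated with a filter. The function names, output file names, sample addresses and sample payloads are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Filters `tshark -q -z follow,tcp,raw,N` output by direction.
#   dir 0 = data sent by Node 0 (hex lines with no indent)
#   dir 1 = data sent by Node 1 (hex lines prefixed with a tab)
follow_one_way() {   # usage: tshark ... | follow_one_way 0|1
    awk -v dir="$1" '
        /^Node 1:/ { in_data = 1; next }   # payload lines start after this header
        /^=+$/     { in_data = 0; next }   # separator lines bracket the block
        !in_data   { next }
        {
            from = (substr($0, 1, 1) == "\t") ? 1 : 0
            sub(/^\t/, "")
            if (from == dir && $0 ~ /^[0-9A-Fa-f]+$/) printf "%s", $0
        }
        END { print "" }
    '
}

# Hypothetical helper: one hex file per TCP stream for the chosen direction.
# Needs tshark; "-Y tcp" keeps non-TCP packets out of the stream list.
extract_all() {      # usage: extract_all capture.pcapng 0|1
    for s in $(tshark -r "$1" -Y tcp -T fields -e tcp.stream | sort -un); do
        tshark -q -r "$1" -z "follow,tcp,raw,$s" |
            follow_one_way "$2" > "stream_$s.dir$2.hex"
    done
}

# Constructed sample of follow,tcp,raw output (not from a real capture),
# so the filter can be checked without tshark or a pcap file.
sample_follow_output() {
    printf '%s\n' \
        '' \
        '===================================================================' \
        'Follow: tcp,raw' \
        'Filter: tcp.stream eq 0' \
        'Node 0: 192.0.2.10:51234' \
        'Node 1: 192.0.2.20:80' \
        '474554202f20485454502f312e300d0a0d0a'
    printf '\t%s\n' '485454502f312e3020323030204f4b0d0a0d0a'
    printf '\t%s\n' '68656c6c6f0a'
    printf '%s\n' \
        '==================================================================='
}
```

The result is a single hex string per stream; piping it through `xxd -r -p` turns it back into the raw bytes.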
