[GTALUG] Wireshark question -- script to extract data in TCP stream?

William Park opengeometry at yahoo.ca
Tue Sep 26 09:55:24 EDT 2017


On Tue, Sep 26, 2017 at 07:11:48AM -0400, James Knott via talk wrote:
> On 09/26/2017 12:47 AM, William Park via talk wrote:
> > To network experts...
> >
> > From Wireshark, I can click "TCP Follow" tab and extract one-way data
> > flow from a tcp stream.  I can do this manually, one by one.  But, I
> > have many many streams.
> >
> > Does anyone know how to extract one-way data stream via script?
> >
> > Google says
> >     tshark -q -r capture.pcapng -z follow,tcp,raw,0
> > where '0' is the tcp stream number 0.  But, it gives me data moving both
> > ways.  I just want data moving one-way.
> 
> Doesn't following stream in Wireshark also capture both directions? 
> Perhaps, after exporting, you could filter out what you need.

How to filter it using Wireshark/Tshark/etc?  :-)
I can filter after-the-fact, but it's messy.
-- 
William Park <opengeometry at yahoo.ca>
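
One way to do the after-the-fact filtering, as an added example that is not part of the original post: in tshark's `follow,tcp,raw` output, hex lines sent by Node 1 are indented with a tab and lines sent by Node 0 are not, so the two directions can be separated by that prefix. The sample text, addresses and the `split_follow_raw` helper are constructed for illustration, and the parser assumes one stream per input.

```python
import binascii
import sys

# Constructed sample of `tshark -q -r capture.pcapng -z follow,tcp,raw,0` output.
SAMPLE = (
    "\n"
    "===================================================================\n"
    "Follow: tcp,raw\n"
    "Filter: tcp.stream eq 0\n"
    "Node 0: 192.0.2.10:51234\n"
    "Node 1: 192.0.2.20:80\n"
    "474554202f20485454502f312e310d0a\n"        # Node 0 -> Node 1
    "\t485454502f312e3120323030204f4b0d0a\n"    # Node 1 -> Node 0 (tab prefix)
    "0d0a\n"
    "\t0d0a\n"
    "===================================================================\n"
)

def split_follow_raw(text):
    """Return (nodes, data); data[0] and data[1] are the bytes sent by Node 0 and Node 1."""
    nodes = {}
    data = {0: bytearray(), 1: bytearray()}
    in_body = False
    for line in text.splitlines():
        if line.startswith("Node "):
            label, addr = line.split(": ", 1)
            nodes[int(label.split()[1])] = addr
            in_body = len(nodes) == 2      # payload starts after both Node lines
            continue
        if line.startswith("="):
            in_body = False                # separator closes the stream body
            continue
        if not in_body or not line.strip():
            continue
        sender = 1 if line.startswith("\t") else 0
        # unhexlify raises binascii.Error on a malformed line instead of skipping it
        data[sender] += binascii.unhexlify(line.strip())
    return nodes, {k: bytes(v) for k, v in data.items()}

if __name__ == "__main__":
    # Usage: tshark -q -r capture.pcapng -z follow,tcp,raw,0 | python3 this_script.py 0
    want = int(sys.argv[1]) if len(sys.argv) > 1 else 0
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    nodes, data = split_follow_raw(text)
    sys.stderr.write(f"writing bytes sent by Node {want} ({nodes.get(want)})\n")
    sys.stdout.buffer.write(data[want])
```

Looping the tshark command over stream numbers and piping each run through this script gives one file per stream and direction.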

