I want to print the information that I need from a PCAP file. I know that I can use the command "tshark -e":
My question is: How can I display the "id source port", "id destination port"?
And for "-e data", is it possible to display just the first 8 bytes?
asked 02 May '12, 08:32
edited 02 May '12, 14:47
I guess you are interested in
If you need the UDP source port, replace
Unfortunately, this is not possible. However, you can limit the total packet size with editcap, effectively getting only 8 bytes of data, at least in most cases.
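An added example, not part of the original question or answer: a Python sketch that reads a classic pcap directly and reports the source port, destination port and first 8 payload bytes of each TCP or UDP packet. It assumes Ethernet framing and IPv4; the names `first_bytes`, `_frame` and `_sample` are hypothetical, and the capture is constructed in memory.

```python
import struct

def first_bytes(pcap, n=8):
    """Yield (proto, src_port, dst_port, hex of first n payload bytes)."""
    # Byte order comes from the magic number; pcapng is not handled here.
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or len(pcap) < 24 or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("need a classic pcap with Ethernet link type")
    off = 24                                  # skip the global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                          # not IPv4 over Ethernet
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4              # IPv4 header length in bytes
        l4 = ip[ihl:struct.unpack("!H", ip[2:4])[0]]  # drops Ethernet padding
        if ihl < 20:
            continue                          # malformed IPv4 header
        if ip[9] == 6 and len(l4) >= 20:      # TCP: header length varies
            name, hdr = "tcp", (l4[12] >> 4) * 4
        elif ip[9] == 17 and len(l4) >= 8:    # UDP: fixed 8-byte header
            name, hdr = "udp", 8
        else:
            continue
        sport, dport = struct.unpack("!HH", l4[:4])
        yield name, sport, dport, l4[hdr:hdr + n].hex()

def _frame(proto, l4):
    # Constructed Ethernet + IPv4 wrapper (checksums left at zero).
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4

def _sample():
    # Constructed capture: one TCP and one UDP packet.
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, 0x18, 1024, 0, 0)
    udp = struct.pack("!HHHH", 5353, 53, 8 + 12, 0)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in (_frame(6, tcp + b"GET /index.html"), _frame(17, udp + b"0123456789ab")):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for row in first_bytes(_sample()):
        print(*row)
```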