This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

plain text automatic save

0	is there a possibility "plain text objects" automatically export and in real time? I need the data in real time as individual files. thx real plain save time text asked 20 Oct '13, 10:41 sub2k 11●1●1●2 accept rate: 0%

One Answer:

I need the data in real time as individual files.

Unfortunately that's not possible with tshark/Wireshark. You can extract the TCP payload with tshark, however not in real time and not automatically as separate files.

See the following similar questions:

http://ask.wireshark.org/questions/11331/tshark-t-fields-question
http://ask.wireshark.org/questions/25371/how-to-extract-hex-data-from-ssl
http://ask.wireshark.org/questions/23827/get-tcp-and-udp-payloads-with-tshark
http://ask.wireshark.org/questions/16268/how-do-i-extract-all-the-data-sections
http://ask.wireshark.org/questions/16592/tcp-stream-output-in-pdml-format

What you need is kind of a forensic network tool. Please check one of the following tools

http://www.forensicswiki.org/wiki/Tcpflow
http://ngrep.sourceforge.net/
http://www.xplico.org/
http://www.cockos.com/assniffer/

Or maybe another tool listed here

http://wiki.wireshark.org/Tools
http://www.winpcap.org/misc/links.htm

Regards
Kurt

answered 21 Oct '13, 03:05

Kurt Knochner ♦
24.8k●10●39●237
accept rate: 15%