This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Get packet bytes from filter using command line

0

I am looking for a command where, after searching with a specific filter, for example tcp.port==80, the output will be the packet in bytes.

Until now I have been using this command: tshark.exe -Y tcp.port==80 -n -r file.pcap and the output is only the packet details:

packet number  28.853596  192.0.16.37 -> 66.196.114.114 TCP 66 50580 > 5050 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1

asked 24 Nov '13, 04:13

falukky
accept rate: 0%


One Answer:

0

Maybe the -x option is what you're looking for? Did you try:

tshark.exe -Y tcp.port==80 -n -r file.pcap -x

For more information on tshark usage, refer to the tshark man page.

answered 24 Nov '13, 11:47

cmaynard ♦♦
accept rate: 20%
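
As an added example (not part of the original question or answer, and not Wireshark's own code): a Python parser that turns the hex dump printed with -x back into raw bytes, one byte string per dump block. The sample dump is constructed, and the line layout (offset, up to 16 hex bytes, ASCII column) and the name parse_hex_dump are assumptions of this example.

```python
import re

# Constructed sample in the layout of `tshark -x` output (frames shortened,
# addresses made up): a summary line, then offset / hex bytes / ASCII column.
SAMPLE = '''\
  1   0.000000 10.0.0.5 -> 10.0.0.9 TCP 50580 > 80 [SYN] Seq=0 Len=0

0000  00 11 22 33 44 55 66 77 88 99 aa bb 08 00 45 00   .."3DUfw......E.
0010  00 28 00 01 00 00 40 06                           .(....@.

  2   0.000120 10.0.0.9 -> 10.0.0.5 TCP 80 > 50580 [SYN, ACK] Seq=0 Ack=1 Len=0

0000  66 77 88 99 aa bb 00 11 22 33 44 55 08 00 45 00   fw......"3DU..E.
0010  61 62 20 63 64                                    ab cd
'''

# Offset, two spaces, then at most 16 "xx " groups. Capping at 16 and stopping
# at the padding keeps ASCII-column text such as "ab cd" out of the result.
HEX_LINE = re.compile(r'^([0-9a-f]{4,8})  ((?:[0-9a-f]{2} ){1,16})', re.I)


def parse_hex_dump(text):
    """Return one bytes object per dump block (a block starts at offset 0000)."""
    blocks, current = [], None
    for line in text.splitlines():
        m = HEX_LINE.match(line)
        if not m:
            continue  # summary lines, blank lines, any other text
        offset = int(m.group(1), 16)
        if offset == 0:  # new block: flush the previous one
            if current is not None:
                blocks.append(bytes(current))
            current = bytearray()
        if current is None or offset != len(current):
            raise ValueError(f"hex dump line out of sequence at offset {offset:#06x}")
        current += bytes.fromhex(m.group(2))
    if current is not None:
        blocks.append(bytes(current))
    return blocks


if __name__ == "__main__":
    for number, frame in enumerate(parse_hex_dump(SAMPLE), start=1):
        print(number, len(frame), frame.hex())
```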