This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Automatic extracting needed data from the ready pcap-files

0

Hello! I have a server for storing the pcap-files (few hundreds) of sniffered interfaces. And I'd like to extract needed data from this pcap-files. Just for example: I have 200 pcap-files 50 MB each. It's needed to search all ICMP-pings from IP1 to IP2 and answeres. Currently I learn the possibility of using of script-languages and tshark-commands. May be other ways exists? What are the variants how I can do it?

asked 05 May '14, 02:56

factorial's gravatar image

factorial
26448
accept rate: 0%


One Answer:

1

Currently I learn the possibility of using of script-languages and tshark-commands.

that's basically the only option to do it in an automatic way, besides reading the pcap file directly with your own software. So, go ahead with that approach.

Regards
Kurt

answered 05 May '14, 05:37

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%