hello everybody, I have pcap file that need separate http packets to another pcap file I can do this by GUI, but How can I do that in commandline ? I use gnu/linux distro. Thank you all This question is marked "community wiki". asked 24 Aug '14, 04:27  linuxuser |
One Answer:
You could use tshark to read the file with the "-r" parameter, filter for what you need by using "-R" and writing the results to a new file with "-w", e.g. tshark -r original.pcap -R "http" -w httponly.pcap answered 24 Aug '14, 09:43  Jasper ♦♦ |
I found this filter : tshark -R 'tcp.port == 80' -r mypcap.pcap -w all80porttraffic.pcap