I would like to use tshark or some other tool for listening on a network interface, and generate a file for each TCP/UDP stream containing the raw stream data (the same thing I get with "follow stream" in wireshark). I can do a similar thing using tcpflow. The problem of tcpflow is that it splits the TCP stream in two files: one for each endpoint. So if I capture an HTTP request, I can find the GET in one file, and the 200 OK in another. I want them in the same one. I can also do a similar thing using tshark like shown here, but only works for existing pcap files, not for live traffic. asked 27 Nov '14, 05:38  Otacon22 edited 27 Nov '14, 05:39 |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
