I would like to use tshark or some other tool for listening on a network interface, and generate a file for each TCP/UDP stream containing the raw stream data (the same thing I get with "follow stream" in wireshark).
I can do a similar thing using tcpflow. The problem of tcpflow is that it splits the TCP stream in two files: one for each endpoint. So if I capture an HTTP request, I can find the GET in one file, and the 200 OK in another. I want them in the same one.
I can also do a similar thing using tshark like shown here, but only works for existing pcap files, not for live traffic.
asked 27 Nov '14, 05:38
edited 27 Nov '14, 05:39