I want to dump in a one-liner all TCP traffic of a stream after a specific condition. In other words, I want to do something like:
tshark -i wlan0 -s 0 -z follow,tcp,raw,x
How can I do that?
asked 16 Jan '16, 17:41
You can do that with scripting, see my answer to a very similar question:
HOWEVER you can do that only for a pcap file, and not on-the-fly while capturing on an interface (wlan0), for obvious reasons.
So, if you need/want on-the-fly TCP stream extraction, you can't use tshark. ngrep is probably the better tool then.
answered 19 Jan '16, 07:21
Kurt Knochner ♦
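The scripting approach mentioned in the answer, sketched as an added example (not part of the original answer or the script it links to): a first tshark pass over the capture file collects the tcp.stream indices of packets matching a display filter, then each index is followed in raw mode. The function names, the script name in the usage comment and the default output directory `streams` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: dump every TCP stream of a capture FILE that contains at
# least one packet matching a display filter. Works on a pcap file only,
# not on a live interface.
# Usage (script name is an assumption):
#   sh follow_matching.sh capture.pcap 'http.request.method == "POST"' outdir

# Print the unique tcp.stream indices of all packets matching the filter.
matching_streams() {
    # $1 = capture file, $2 = display filter (the "specific condition")
    tshark -r "$1" -Y "$2" -T fields -e tcp.stream 2>/dev/null |
        grep -E '^[0-9]+$' |   # drop empty fields from non-TCP matches
        sort -n -u
}

# Follow each matching stream in raw mode and write it to
# <outdir>/stream-<index>.txt. Prints the number of streams written.
dump_matching_streams() {
    # $1 = capture file, $2 = display filter, $3 = output directory
    mkdir -p "$3" || return 1
    count=0
    for idx in $(matching_streams "$1" "$2"); do
        # -q suppresses the per-packet listing so only the follow output remains
        tshark -r "$1" -q -z "follow,tcp,raw,$idx" > "$3/stream-$idx.txt" || return 1
        count=$((count + 1))
    done
    echo "$count"
}

# Run only when a capture file and a filter were given on the command line.
if [ "$#" -ge 2 ]; then
    dump_matching_streams "$1" "$2" "${3:-streams}"
fi
```

The capture file is read once per matching stream plus once for the index pass, so on large captures narrow the display filter as far as possible.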