Hello, do anyone know to deal with it? I have a captured *.pcapng file and it has lots of data. I hope to filter specified port's log to another pacapng file in command line. Could it be possible? If Wireshark/tshark does not provide this method, whether it is possible to complete it with lua? Thanks a lot. asked 12 Jul '16, 19:03  Youping Kang edited 14 Jul '16, 00:29  sindy |
One Answer:
You can certainly do that with Wireshark. Load the file, apply a display filter to select only those packets you are interested in, then save the file selecting to save only those frames shown. answered 12 Jul '16, 23:47  Jaap ♦ |
Thank you Jaap. But what I will filter is volume data and thousands of files. I could not operate this way one by one. So I need a way in command line.
The command line tool is called tshark, the manual is here.
In short, you would use
tshark -r original_pcapng_to_be_filtered -Y "your_display_filter_expression" -w filtered_pcapng_file_to_be_written.You'll use a script to provide the input and output file names.