I am using Wireshark to capture packets generated from my simulation testbed. I want to extract the payload from the frames and store them as raw data or a CSV file to use them in my machine learning algorithm. My capture is a set of streams and I want the payload from each of them in a separate file without needing to manually choose stream after stream. I tried (tcp.stream eq 4) but it is a laborious task to go one by one! Is there a quick way?
asked 05 Oct '16, 07:54 mraseeri, edited 05 Oct '16, 11:48 grahamb ♦
2 Answers:
To extract data from several distinct TCP streams in a capture file, one file per stream, you need to use scripting around tshark. First, you would run
and count the number of output lines to determine the total number of tcp sessions in the capture and store it to Next, you would run, in a
The details can be found at tshark man page at Wireshark wiki.
answered 05 Oct '16, 09:13 sindy
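One way to script the per-stream extraction this answer describes, as an added example that is not part of the original answer or its commands. It writes one CSV per TCP stream (frame number, relative time, hex payload); the function names, the output file naming and the reliance on a tshark build that exposes the `tcp.payload` field are assumptions.

```shell
#!/bin/sh
# Added example: one CSV of TCP payloads per stream, driven by tshark.
# Usage (script name is hypothetical): sh split_streams.sh capture.pcap outdir

# Print every distinct tcp.stream index in the capture, one per line.
list_streams() {
    tshark -r "$1" -Y tcp -T fields -e tcp.stream | sort -n -u
}

# Write <outdir>/stream_<N>.csv for each stream and print how many were written.
# Columns: frame number, relative time, payload as hex.
# Segments without payload (bare SYN/ACK/FIN) are filtered out by tcp.len > 0.
extract_streams() {
    pcap=$1
    outdir=$2
    mkdir -p "$outdir" || return 1
    count=0
    for id in $(list_streams "$pcap"); do
        # The ids come from parsing a capture file: accept only plain
        # integers before using one in a display filter and a file name.
        case $id in
            ''|*[!0-9]*) echo "skipping unexpected id: $id" >&2; continue ;;
        esac
        tshark -r "$pcap" -Y "tcp.stream eq $id && tcp.len > 0" \
            -T fields -E separator=, \
            -e frame.number -e frame.time_relative -e tcp.payload \
            > "$outdir/stream_$id.csv" || return 1
        count=$((count + 1))
    done
    echo "$count"
}

# Run only when called with both arguments, so the file can also be sourced.
if [ "$#" -eq 2 ]; then
    extract_streams "$1" "$2"
fi
```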
Try using tcpflow; it reads a pcap file and exports each TCP stream to a separate file of the form
answered 05 Oct '16, 11:47 grahamb ♦
I'm not sure I get you right. Are you interested in data from all packets of a single stream and you have a problem that you have to copy them packet by packet, or you have a hundred streams in your capture and you want the data from each of them in a separate file without need to manually choose stream after stream?
Yes, I should've been clear in that. I have a set of streams and I want the data from each of them in a separate file without need to manually choose stream after stream. I'll update my question