Wireshark mailing list archives

Re: tshark Question


From: Average Guy <averageguy333 () yahoo com>
Date: Mon, 27 Dec 2010 18:39:04 -0800 (PST)

Thanks Abhijit, a few issues with this thread, most important being I am using
Windows, which rules out tcpflow and any other *nix-based tool. Also, I am not
searching for any particular string and I need output (printed or saved) exactly
like "Follow TCP Stream->Save As" in Wireshark. I am trying to convince myself
that there is an option in tshark since the behavior is defined in Wireshark...
but I am having a hard time believing there is hardly anyone out there in search
of similar functionality.


AG




________________________________
From: Abhijit Bare <abhibare () gmail com>
To: Community support list for Wireshark <wireshark-users () wireshark org>
Sent: Mon, December 27, 2010 5:51:03 PM
Subject: Re: [Wireshark-users] tshark Question

Wondering if this thread will help you...

http://www.wireshark.org/lists/wireshark-users/201005/msg00221.html


On Mon, Dec 27, 2010 at 1:19 PM, Average Guy <averageguy333 () yahoo com> wrote:

Better way of putting this, I am looking for the same output as in Wireshark:

Follow TCP Stream->Save As(Raw) 

-AG




________________________________
From: Average Guy <averageguy333 () yahoo com>
To: wireshark-users () wireshark org
Sent: Mon, December 27, 2010 1:27:14 PM
Subject: [Wireshark-users] tshark Question



Greetings,

I am trying to extract the TCP payload from reassembled TCP streams in Windows.
The data I am interested in can be found in tshark output when the -x option is
used. When -x is used, the section/field is called "Reassembled TCP". I cannot
find an option or field in tshark to print or output this section. In short, I
am trying to do the same thing tcpflow does in Linux and dump the payload of
reassembled TCP streams. There is no particular reason why I am using tshark
since it is the only tool (win32) I have found so far, but I am open to
suggestions. Thank you in advance.


AG


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
           mailto:wireshark-users-request () wireshark org?subject=unsubscribe




      