tshark commands

[David Milbourne <dmilbo () gmail com>]

Hello,

I'm trying to figure out how to use Wireshark's "Follow TCP Stream" feature
in tshark.  For example, I have a PCAP file and I'd like to extract out all
of the .ntf files.  I know if I type:

tshark -r server.pcap -R "data contains NTF0"

This will show me a list of the streams in the PCAP file that contain the
above string.  However, how can I re-create these files (similar to "Follow
TCP Stream" and "save as" in Wireshark)?

Thank-you,
DM

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe