Wireshark mailing list archives
Re: How to extract raw TCP data with command line ?
From: <Tim.Poth () bentley com>
Date: Mon, 13 Aug 2012 14:37:29 +0000
For that much data I really think you want to look at Cascade Pilot (http://www.riverbed.com/us/products/cascade/cascade_pilot.php); it deals with huge captures much better. Once you filter down to what you're looking for, you can then send just that data from Pilot out to Wireshark to get at the bytes.

If you still want to use just Wireshark, I think you would be better off breaking it down into smaller chunks. You can use editcap.exe to break the file up into chunks with x amount of packets or time in each file, or pull out a specific time frame into its own file. You could try to use tshark to filter specific streams or types of traffic into its own file, but I'm not sure what tshark will do with a 100 GB capture.

Hope that helps

From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of Lecointe, Nicolas
Sent: Monday, August 13, 2012 8:27 AM
To: wireshark-users () wireshark org
Subject: [Wireshark-users] How to extract raw TCP data with command line ?

All,

In Wireshark, we can extract raw TCP data by "Follow TCP Stream" + "Save As". But Wireshark can't open very large capture files (+100 GB). How can I extract raw TCP data with command line?

Thanks
Nicolas
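Added example, not part of the original messages and not Wireshark, editcap or tshark code: a dependency-free way to pull one direction of a TCP conversation out of a classic pcap file while reading it record by record, so memory use stays constant however large the capture is. It assumes Ethernet framing with untagged IPv4 and writes segments in capture order without reordering or dropping retransmissions; the addresses, ports and sample capture are constructed for the demonstration.

```python
import struct

LE_MAGICS = (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1")  # usec / nsec, little-endian
BE_MAGICS = (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d")  # usec / nsec, big-endian

def tcp_payloads(fh, src, sport, dst, dport):
    """Yield TCP payload bytes for src:sport -> dst:dport, one record at a time."""
    magic = fh.read(24)[:4]
    if magic in LE_MAGICS:
        endian = "<"
    elif magic in BE_MAGICS:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    while True:
        hdr = fh.read(16)
        if len(hdr) < 16:
            return                                  # clean EOF or truncated tail
        caplen = struct.unpack(endian + "I", hdr[8:12])[0]
        frame = fh.read(caplen)
        # Assumption: Ethernet II + IPv4, no VLAN tag. Skip everything else.
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        tcp = 14 + (frame[14] & 0x0F) * 4           # IP header length varies
        ip_end = 14 + struct.unpack("!H", frame[16:18])[0]  # excludes Ethernet padding
        if len(frame) < tcp + 20:
            continue
        sp, dp = struct.unpack("!HH", frame[tcp:tcp + 4])
        if (frame[26:30], sp, frame[30:34], dp) != (src, sport, dst, dport):
            continue
        payload = frame[tcp + (frame[tcp + 12] >> 4) * 4:ip_end]
        if payload:
            yield payload

CLIENT, SERVER = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])  # constructed addresses

def _frame(src, sport, dst, dport, payload, pad=b""):
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, src, dst)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + pad

def build_sample():
    """Constructed capture: two flows plus a reply, one frame carrying padding."""
    frames = [_frame(CLIENT, 40000, SERVER, 80, b"GET / HT"),
              _frame(SERVER, 80, CLIENT, 40000, b"HTTP/1.1 200"),
              _frame(CLIENT, 40000, SERVER, 80, b"TP/1.1\r\n", pad=b"\x00" * 6),
              _frame(CLIENT, 40001, SERVER, 80, b"other flow")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

On a real capture, open the file in binary mode and write each yielded chunk straight to the output file instead of joining them in memory.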