Re: "Follow tcp stream" in tshark

[Jeff Morriss <jeff.morriss.ws () gmail com>]

On 07/21/14 03:42, Dario Lombardo wrote:
> Hi list
> I'd like to use the wireshark "follow tcp stream" functionality in
> tshark. What I would like to obtain is a way to automatically (for
> that I can't use wireshark) extract data stream from a bunch of
> packets from a capture file.
>
> If I run
>
> cat FILE | nc HOST PORT
>
> I'd like to reconstruct FILE from capture.
>
> Is there a way to achieve this in tshark?

According to the tshark(1) man page "follow tcp stream" is available by 
using this option:

           -z follow,prot,mode,filter[,range]

It appears this option is present at least as far back as the 1.10.x 
releases.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org?subject=unsubscribe