Wireshark-users: Re: [Wireshark-users] use tshark to search for hex or ASCII string in packet?
From: Sake Blok <sake@xxxxxxxxxx>
Date: Thu, 10 Jan 2008 17:07:10 +0100
On Thu, Jan 10, 2008 at 03:42:15PM +0000, Martin Mathieson wrote:
> On Jan 10, 2008 3:38 PM, Martin Mathieson <martin.r.mathieson@xxxxxxxxxxxxxx>
> wrote:
> > >
> > > How'bout:
> > >
> > > tshark -r <capture-file> -T fields -e frame.time -e data |\
> > >  grep `echo -n "<ascii-string>" | xxd -p` |\
> > >  cut -f 1
> > >
> > > Hex-conversion on the fly and resulting in only the timestamps ;-)
> >
> > Now I know why you're presenting "Advanced Scripting and Command Line
> > Usage with tshark and Related Utilities" at Sharkfest next year :)
> 
> This year, I mean.

:-)

Are you coming too?

Cheers,
    Sake