Hi Richard,
Thanks for the heads up on tcpflow (although I prefer chaosreader
because it allows you to view the two-way conversation in a single
file). I was just wondering if you could use tshark since the
capability is already in Wireshark and it would be nice to re-use this
capability. Thanks.

On Sat, 21 Nov 2009 19:56 -0500, "Richard Bejtlich"
<taosecurity@xxxxxxxxx> wrote:
> On Sat, Nov 21, 2009 at 2:08 PM, Mathew Brown <mathewbrown@xxxxxxxxxxx>
> wrote:
> > Hi,
> > I was wondering if anyone can highlight how to tell tshark to "Follow
> > TCP Stream" which you can easily do using the Wireshark GUI. Thanks.
> > --
> > Mathew Brown
> > mathewbrown@xxxxxxxxxxx
>
> Hi Mathew,
>
> I don't know if Tshark can rebuild a TCP stream such that the result
> is a representation of the TCP payload, but Tcpflow can.
>
> http://www.circlemud.org/~jelson/software/tcpflow/
>
> Sincerely,
>
> Richard
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-users
--
Mathew Brown
mathewbrown@xxxxxxxxxxx