 | 1 | initial version |
Use tshark an the -T fields option to extract the 5-tuple, i.e.
tshark -r your.pcap -T fields -e ip.proto -e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport
| | 2 | No.2 Revision |
Use tshark an and the -T fields option to extract the 5-tuple, i.e.
tshark -r your.pcap -T fields -e ip.proto -e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport