 | 1 | initial version |
If you know the stream you want:
C:\>mergecap -w - *018152* | tshark -r - -w 231019_stream_2.pcapng tcp.stream==2
Or you could write a script to build a file per tcp.stream:
#!/bin/bash
for TCP_STREAM in `mergecap.exe -w - *018152* | tshark.exe -r - -T fields -e tcp.stream -Y tcp.stream | sort -n | uniq`
do
TCP_STREAM=`echo $TCP_STREAM | tr -d "\r\n"`
OUTFILE="211019_stream_${TCP_STREAM}.pcapng"
mergecap.exe -w - *018152* | tshark.exe -r - -w ${OUTFILE} tcp.stream==${TCP_STREAM}
done