Hi guys. Maybe there is a method to save or convert a Wireshark capture file directly to txt? For example, to get the same output in a txt file as we see when we press the "Follow TCP stream" button?
You can use tshark (Version >= 1.7) for that:
The number is the TCP stream number.
UPDATE: You can also try the tshark option -V (all protocol fields "expanded" --> a lot of output).
You can combine both options (-V and -z).
Regards
We can save the capture without opening .cap file at all?
(26 Jun '12, 07:59)
jomajo
I'm not sure what you mean by "save the capture without opening .cap file". tshark expects an input file which it opens to extract the data. Maybe you can tell me a bit more .....
(26 Jun '12, 08:01)
Kurt Knochner
:) I am capturing some data. Next day, when I come to check the data, I see a few .txt files generated, and when I open these, I can see just TCP stream data (as you said, ASCII characters). It would be nice, if it is possible?
(26 Jun '12, 09:18)
jomajo
Ah, you want to do it on the fly, without saving the captured data. No, that is not possible with Wireshark or tshark. Take a look at tcpflow (Unix tool). BTW: There is a similar question
(26 Jun '12, 17:02)
Kurt Knochner
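Added example, not part of the original thread: a shell function that works on an already saved capture and writes every TCP stream to its own text file using tshark's `-z follow,tcp,ascii,<stream>` statistic, going one step beyond the single-stream case in the answer. It assumes tshark is on the PATH; the function name `dump_tcp_streams` and the `stream_N.txt` file names are hypothetical.

```shell
#!/bin/sh
# Added example: dump each TCP stream of a saved capture to a text file.
# Usage: dump_tcp_streams capture.pcap outdir
# Prints the number of stream files written.
dump_tcp_streams() {
    capture=$1
    outdir=$2
    [ -r "$capture" ] || { echo "cannot read $capture" >&2; return 1; }
    mkdir -p "$outdir" || return 1

    # Print the tcp.stream index of every packet (empty for non-TCP
    # packets), keep only numeric lines, and reduce to unique indexes.
    streams=$(tshark -r "$capture" -T fields -e tcp.stream 2>/dev/null |
              grep -E '^[0-9]+$' | sort -n -u)
    [ -n "$streams" ] || { echo "no TCP streams in $capture" >&2; return 1; }

    count=0
    for n in $streams; do
        # -q suppresses the per-packet listing, so the file contains only
        # the reassembled payload, as in the "Follow TCP Stream" window.
        tshark -r "$capture" -q -z "follow,tcp,ascii,$n" \
            > "$outdir/stream_$n.txt" || return 1
        count=$((count + 1))
    done
    echo "$count"
}
```

The text files contain whatever the peers sent in clear text, including credentials or session tokens, so the output directory needs the same access restrictions as the capture itself.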
