(Test file is on the Wireshark wiki.)
$ cat ./mktcpfile
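#!/bin/bash
# mktcpfile - split tshark field output into one file per packet.
#
# Reads "TIMESTAMP PAYLOAD" lines from stdin (as produced by
#   tshark -T fields -e tcp.time_relative -e tcp.payload),
# prints each timestamp to stdout and writes the payload text to
# ./TIMESTAMP.txt in the current directory.
# Processing stops at end of input or at the first line with no timestamp.
#
# The input is derived from captured traffic, so the first field is checked
# to be a plain decimal number before it is used as a file name. Anything
# else (a slash, "..", a leading "-") is reported on stderr and skipped, so
# a malformed line cannot make the script write outside this directory.
#
# NOTE(review): a repeated timestamp overwrites the earlier file, because
# the redirect truncates. tcp.time_relative is counted per TCP stream, so a
# capture holding several streams can repeat values - confirm for your data.

TIMESTAMP=""
PAYLOAD=""
readonly NUMERIC_RE='^[0-9]+(\.[0-9]+)?$'

# "|| [[ -n ... ]]" keeps a final line that lacks a trailing newline.
# -r stops read from interpreting backslashes in the input.
while read -r TIMESTAMP PAYLOAD || [[ -n "$TIMESTAMP" ]]; do
  # An empty first field ends processing.
  [[ -n "$TIMESTAMP" ]] || break

  if [[ ! "$TIMESTAMP" =~ $NUMERIC_RE ]]; then
    printf 'mktcpfile: skipping unexpected timestamp field: %q\n' \
      "$TIMESTAMP" >&2
    continue
  fi

  printf '%s\n' "$TIMESTAMP"
  # Quoted expansions: no word splitting or globbing on captured data.
  printf '%s\n' "$PAYLOAD" > "./${TIMESTAMP}.txt"
done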
$ tshark -r ../200722_tcp_anon.pcapng -T fields -e tcp.time_relative -e tcp.payload -Y tcp.payload | ./mktcpfile
0.004678000
0.005701000
0.005734000
0.005745000
0.005752000
0.005762000
0.005770000
0.005776000
8.657441000
10.162740000
12.385270000
$
$ ls
0.004678000.txt 0.005734000.txt 0.005752000.txt 0.005770000.txt 10.162740000.txt 8.657441000.txt
0.005701000.txt 0.005745000.txt 0.005762000.txt 0.005776000.txt 12.385270000.txt mktcpfile
$ cat ./0.004678000.txt
68656c6c6f0a
$
Sharkfest video on using tshark:
SF19US - 04 Solving (SharkFest) packet capture challenges with only tshark (Sake Blok)