Find in files

asked 2019-11-28 15:25:37 +0000

Greetings.

I have captured many files of 250MB each for days. Now I have a bit more than 4000 files.

I'd like to find the files where there is a specific flags (0x011). Is there an option where I can "find in files" an expression ?

It will be faster than oppening each file and check with the display filter.

For instance, Notepadd++ has this feature and it's very efficient.

Thanks for your help !

NB : for the next time, I'll set a better capture filter (I just found it). But for this time, I need to retrieve info from the files already cpatured.

edit retag flag offensive close merge delete

Comments

Specific flags in which protocol? You can also use the scripting language of your choice and tshark to run the search over multiple files.

grahamb ( 2019-11-28 15:42:36 +0000 )edit

Hi Graham, tks for your reply.

flags = tcp.flags=0x011.

if tshark can do this, perfect, what should be the command then ?

atchoubaka ( 2019-11-28 15:59:39 +0000 )edit

add a comment

Comments

tks. i'll try.

atchoubaka ( 2019-11-28 17:07:07 +0000 )edit

tshark: The specified data link type "tcp.flags == 0x011" isn't valid

atchoubaka ( 2019-11-28 17:12:57 +0000 )edit

got it... I did not write -Y but -y. with -Y, works perfectly. tks

atchoubaka ( 2019-11-28 17:16:59 +0000 )edit

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Find in files

Comments

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

Find in files edit

Comments

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

Find in files