Tshark TCP stream assembly
I want to use Tshark to do TCP stream assembly .But I can only find the command in user's guide. “tshark -r pcapfile tcp.stream > outfile.txt” "tshark -r pcapfile conv.tcp"> outfile.txt But I want to follow all tcp conversations and split the tcp stream in the same conversation into different files.What should I do? eg: tcpconversation1.txt, includes the whole tcp streams in the tcp conversations.
Can you expand on your question a bit? Do you want the output file to contain all the packets from tcp steam 0, followed by tcp stream 1, etc., or do you want each stream in a separate file, e.g. tcp stream 0 in tcpconversation0.txt, etc.
Thanks for your question.I want the tcp streams in the same conversation in the same file. Suppose there is a conversation between a & b, there are ten tcp streams in the conversation, I want the ten tcp streams in the same file.
code:
Sorry,I really don't know how to put the code with format.
output:
(more)