Ask Your Question
0

How to read a pcap file packet per packet

asked 2020-04-13 09:40:25 +0000

alajeb gravatar image

I want to read a pcap file packet per packet and I didn't figure out how to do this. For example, I want to take the first packet in the pcap apply the filter tls.record.length to read it TLS record length and if this length is equal to a value append it to a list. I want to do this with a script. Any help please?

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-04-13 10:36:09 +0000

grahamb gravatar image

Use tshark and supply options such as -T fields -e FieldYouWant1 -e FieldYouWant2 ... to give csv output. You can have as many -e fieldname arguments as you need. Note that if the field isn't present in a packet you will get a blank.

The output can be processed by the script language of your choice.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2020-04-13 09:40:25 +0000

Seen: 278 times

Last updated: Apr 13 '20

Related questions

Delay in GOOSE Subscription

What is the syntax for wireshark custom column

Tshark output file problem, saving to csv or txt

How to convert Pcapng file to pcap file by Tshark

Can I create a capture filter on a pcap file

How can I extract parameters from pcap

How to figure out cookies from pcap files?

extract only payload parts of packets of pcap file

Is there a maximum file size for pcap-files?

How to use rawshark to analyse a pcap file which is generated by tcpdump?

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2