Ask Your Question

How to read a pcap file packet per packet

asked 2020-04-13 09:40:25 +0000

alajeb gravatar image

I want to read a pcap file packet per packet and I didn't figure out how to do this. For example, I want to take the first packet in the pcap apply the filter tls.record.length to read it TLS record length and if this length is equal to a value append it to a list. I want to do this with a script. Any help please?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2020-04-13 10:36:09 +0000

grahamb gravatar image

Use tshark and supply options such as -T fields -e FieldYouWant1 -e FieldYouWant2 ... to give csv output. You can have as many -e fieldname arguments as you need. Note that if the field isn't present in a packet you will get a blank.

The output can be processed by the script language of your choice.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2020-04-13 09:40:25 +0000

Seen: 288 times

Last updated: Apr 13 '20