Formatting TShark payload output with timestamp
Currently I'm outputting the ascii payload of tshark filtered packets:
tshark -i ens224 -l -T fields -e data host 192.168.1.123 and dst port 3423 | xargs -n1 -I{} echo "{}0d0a" | xxd -r -p -
where xxd is being used to convert the hex data in the data field to ascii.
tshark
    -i        interface name
    -f        host filter for local broadcast
    -l        flush stdout after each packet
    -T fields output fields specified by -e
    -e data   tshark will only output undissected data in packets
xargs
    -n1       trigger on one received cmd line arg
    -i{}      use {} for substitution in echo command
    "{}0d0a"  add crlf to hex string data from packet to flush stdout in xxd
    echo      use echo to aggregate hex data with crlf and pipe to xxd
xxd
    -r        reverse hex to ascii
    -p        plain text output
    -         take input from stdin
The output looks something like:
1 Data in packet
7 Data in another packet
I'd like to prepend that with the capture time.
1 15:20:32 Data in packet
7 15:23:01 Data in another packet
How do I do that?
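
One way to get the capture time next to each payload, as an added example that is not part of the original question: have tshark print frame.number and frame.time_epoch alongside data, and decode the hex in awk instead of xxd so each line keeps its timestamp. The function names and sample lines are constructed for illustration, and the time is shown in UTC.

```shell
# Added example (not from the original post). Live use, with the question's
# interface and capture filter:
#   tshark -i ens224 -l -T fields -e frame.number -e frame.time_epoch -e data \
#       host 192.168.1.123 and dst port 3423 | decode_fields

# decode_fields: reads tab-separated "<frame.number> <frame.time_epoch> <hex data>"
# lines and prints "<frame> <HH:MM:SS UTC> <payload as printable ASCII>".
decode_fields() {
    awk -F '\t' -v digits=0123456789abcdef '
    {
        # Packets without undissected payload have an empty data field
        if ($3 == "") next
        # Seconds since midnight UTC, taken from the epoch timestamp
        t = int($2) % 86400
        out = sprintf("%s %02d:%02d:%02d ", $1, int(t / 3600), int((t % 3600) / 60), t % 60)
        hex = tolower($3)
        for (i = 1; i + 1 <= length(hex); i += 2) {
            v = (index(digits, substr(hex, i, 1)) - 1) * 16 \
                + index(digits, substr(hex, i + 1, 1)) - 1
            # Non-printable bytes become "." so captured data cannot send
            # control sequences to the terminal
            out = out ((v >= 32 && v <= 126) ? sprintf("%c", v) : ".")
        }
        print out
        fflush()   # keep output live when reading from tshark -l
    }'
}

# Constructed sample input in the same shape tshark -T fields would print:
# frame 1 ends in an ESC byte (0x1b), frame 3 has no data field.
sample_capture() {
    printf '1\t1699975232.000000000\t4461746120696e207061636b65741b\n'
    printf '3\t1699975300.500000000\t\n'
    printf '7\t1699975381.250000000\t4461746120696e20616e6f74686572207061636b6574\n'
}

sample_capture | decode_fields
```

Because awk prints one line per packet, the "0d0a" suffix and the xargs/echo stage are no longer needed to force a line break.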