tshark output reassembled frame and rest also

asked 2023-10-15 14:44:19 +0000

illouzy@gmail.com gravatar image

updated 2023-10-15 14:52:59 +0000

Is there a way to save tshark output reassembled? and also packet that didn't get into the "OSI layer 7". Perhaps to create a tap in code that will receive all packet that don't answer to OSI layer 7

I saw the following command, but it output only the layer 7 , so i am missing all the other packets tshark -U "OSI layer 7" -2

if there are only eth->ip->tcp layers, the packet are not saved in output with this command

edit retag flag offensive close merge delete

Comments

You would like layer 4 and layer 7 in the same output file?

WSUG 5.7.4. The “Export PDUs to File…​” Dialog Box

OSI layer 4. You can use it to export PDUs encapsulated in the TCP or UDP protocols.

OSI layer 7. You can use it to export the following protocols: CredSSP over TLS, Diameter, protocols encapsulated in TLS and DTLS, H.248, Megaco, RELOAD framing, SIP, SMPP.

Chuckc gravatar imageChuckc ( 2023-10-15 16:20:31 +0000 )edit

this is not what i need, i need to export the reassembled packets, and all other packet that are not reassembled ( like simple tcp or sctp packet)

illouzy@gmail.com gravatar image[email protected] ( 2023-10-16 11:44:11 +0000 )edit
add a comment