Revision history [back]

When I compare the output of this command,

 & 'C:\Program Files\Wireshark\tshark.exe' -nr 'D:\pcap\test\output_0932.pcap' -z follow,tcp,ascii,0 -Y tcp -w tshark.ascii.dat | Out-Null

which I believe should be the equivalent of "follow TCP stream" in the Wireshark GUI I get different outputs.

The TShark output is more or less the same, but there is more (a TShark header at the top for example).

Is there anyway to get exactly the same output?

The GUI gives me what I want, but I would like to script the process using TShark.

Thanks!

When I compare the output of this command,

 & 'C:\Program Files\Wireshark\tshark.exe' -nr 'D:\pcap\test\output_0932.pcap' -z follow,tcp,ascii,0 follow,tcp,raw,0 -Y tcp -w tshark.ascii.dat tshark.dat | Out-Null

which I believe should be the equivalent of "follow TCP stream" in the Wireshark GUI I get different outputs.

The TShark output is more or less the same, but there is more (a TShark header at the top for example).

Is there anyway to get exactly the same output?

The GUI gives me what I want, but I would like to script the process using TShark.

Thanks!

When I compare the output of this command,

 & 'C:\Program Files\Wireshark\tshark.exe' -nr 'D:\pcap\test\output_0932.pcap' -z follow,tcp,raw,0 -Y tcp -w tshark.dat | Out-Null

which I believe should be the equivalent of "follow TCP stream" in the Wireshark GUI I get different outputs.

The TShark output is more or less the same, but there is more (a TShark header at the top for is one example).

Is there anyway to get exactly the same output?

The GUI gives me what I want, but I would like to script the process using TShark.

Thanks!