I have a pcap of ICMP packets. I am trying to use tshark to extract the payload data so that I can extract a specific byte offset.
The tshark documentation is highly convoluted, especially for me, a beginner.
I've been searching around a lot and I'm trying to piece together a command for the purpose of my goal.
I can run the following command:
shark -r test.pcapng -Y icmp -z flow,icmp,network > output.bin
But it only outputs the packet list as it were shown in Wireshark.
For example, I am trying to extract the following byte offset from each packet (offset 22):
How would I go about extracting a specific byte offset with tshark?
EDIT:
Issuing the following command only returns a portion of the payload data, how can I get all of it?
tshark -r test.pcapng -Y "frame.number == 13" -T fields -e data -w output.bin
