i want to filter out specific tcp packets that contain a specific string in the frame data (data.data)
As you may know, you can't write to file and use a display filter at the same time, and i wonder if there's a workaround for this?
dumpcap -i 1 -f "tcp port 8800" -Y "frame contains FILE" -w "data.txt"
this is what i want. but it gives me error message that i described above.
