Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] Automating TCP stream extraction

From: "Nick Chorley" <nick.chorley@xxxxxxxxx>
Date: Thu, 2 Aug 2007 09:13:24 +0100

On 01/08/07, Sake Blok <sake@xxxxxxxxxx> wrote:
On Wed, Aug 01, 2007 at 07:49:42PM +0100, Nick Chorley wrote:
> On 01/08/07, Sake Blok <sake@xxxxxxxxxx> wrote:
>  Thanks for this, Sake. I haven't had a chance to try it out yet but will do
> so soon and let you know how I get on.

Your welcome :-)
It was a nice exercise to get the syntax right...

I did however see some error slip by in the first option:

> > for f in `cat <file-with a filter per line> | tr " " "_"`
> > do
> >    echo "processing file with filter $filter"
> >    filter=`echo $f | tr "_" " "`
> >    tshark -r <input-file> -w $filter.cap -R "$filter"
> > done

This should of course read:

for f in `cat <file-with a filter per line> | tr " " "_"`
   filter=`echo $f | tr "_" " "`
   echo "processing file with filter $filter"
   tshark -r <input-file> -w $f.cap -R "$filter"

Otherwise the echo won't show you the filters used and the -w
option would get an invalid filename...

I ran this and tshark ended with an exception:

Unhandled exception (group=1, code=6)
./ line 3: 30064 Aborted                 tshark -r tcp3 -w $f.cap -R "$filter"

Maybe this is because I'm using a big input file? 





Wireshark-users mailing list