I need to scan through several hundred capture files and
pull out all of the 9 character ID’s on certain request packets.
I’m using the following tshark command: tshark -r cfile0001.cap
-R "data contains NETN" -Tfields -edata
However, I cannot find a way in tshark to get this to output
as text, only as a byte array. I’ve tried –edata-text-lines, and
various other things from the tshark man page, but so far no luck.
Ideally, I would like to extract the ID’s that are at
a fixed byte offset.. I tried –edata[66:9] but this displayed only blank
lines……..
Any help would be much appreciated!
David
