Better way of putting this, I am looking for the same output as in wireshark:
Follow TCP Stream->Save As(Raw)
-AG
From: Average Guy <averageguy333@xxxxxxxxx>
To: wireshark-users@xxxxxxxxxxxxx
Sent: Mon, December 27, 2010 1:27:14 PM
Subject: [Wireshark-users] tshark Question
Greetings,
I am trying to extract the TCP Payload
from reassembled TCP streams in Windows. The data I am interested in can be found
in tshark output when -x option is used. When -x is used, the
section/filed is called "Reassembled TCP". I can not find an option or
field in tshark to print or output this section. In short I am trying to
do the same thing tcpflow does in Linux
and dump the payload of reassembled TCP streams. There is no particular
reason why I am using tshark since it is the only tool(win32) I have
found so far but I am open to suggestions. Thank you in advance.
AG
