
On Tue, Sep 26, 2017 at 07:11:48AM -0400, James Knott via talk wrote:
On 09/26/2017 12:47 AM, William Park via talk wrote:
To network experts...
From Wireshark, I can click "TCP Follow" tab and extract one-way data flow from a tcp stream. I can do this manually, one by one. But, I have many, many streams.
Does anyone know how to extract one-way data stream via script?
Google says tshark -q -r capture.pcapng -z follow,tcp,raw,0 where '0' is the tcp stream number 0. But, it gives me data moving both ways. I just want data moving one-way.
Doesn't following a stream in Wireshark also capture both directions? Perhaps, after exporting, you could filter out what you need.
How to filter it using Wireshark/Tshark/etc? :-) I can filter after-the-fact, but it's messy.
--
William Park <opengeometry@yahoo.ca>
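
Added example, not part of the original thread: one way to script the one-direction extraction, relying on tshark's documented raw follow format, in which data sent by the second node (Node 1) is prefixed with a tab. The function names, output file names and the sample text are constructed for illustration.

```python
import subprocess
import sys

def split_follow_raw(text):
    """Split `tshark -z follow,tcp,raw,N` output into (node0, node1) payload bytes."""
    node0, node1 = bytearray(), bytearray()
    in_data = False
    for line in text.splitlines():
        if line.startswith("Node 1:"):
            in_data = True          # hex payload lines begin after this header
            continue
        if not in_data or line.startswith("=") or not line.strip():
            continue
        try:
            data = bytes.fromhex(line.strip())
        except ValueError:
            continue                # ignore anything that is not a hex payload line
        # A leading tab marks data sent by Node 1; no tab means Node 0.
        (node1 if line.startswith("\t") else node0).extend(data)
    return bytes(node0), bytes(node1)

def stream_ids(pcap):
    """Return every tcp.stream index present in the capture."""
    out = subprocess.run(["tshark", "-r", pcap, "-T", "fields", "-e", "tcp.stream"],
                         capture_output=True, text=True, check=True).stdout
    return sorted({int(s) for s in out.split()})

def follow(pcap, n):
    """Run the command quoted in the thread for stream n and return its text output."""
    return subprocess.run(["tshark", "-q", "-r", pcap, "-z", f"follow,tcp,raw,{n}"],
                          capture_output=True, text=True, check=True).stdout

# Constructed sample of the raw follow output (addresses are documentation ranges).
SAMPLE = ("=" * 67 + "\nFollow: tcp,raw\nFilter: tcp.stream eq 0\n"
          "Node 0: 192.0.2.10:40000\nNode 1: 192.0.2.20:80\n"
          "474554202f0d0a\n\t4f4b0a\n627965\n" + "=" * 67 + "\n")

if __name__ == "__main__":
    if len(sys.argv) > 1:           # usage: script.py capture.pcapng
        for n in stream_ids(sys.argv[1]):
            node0, node1 = split_follow_raw(follow(sys.argv[1], n))
            with open(f"stream{n}.node0.bin", "wb") as f:
                f.write(node0)      # write node1 instead for the other direction
    else:
        print(split_follow_raw(SAMPLE))
```

Node 0 is the endpoint that sent the first packet tshark saw in the stream, so check the "Node 0:" header line before deciding which side to keep.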