
On 09/26/2017 07:11 AM, James Knott via talk wrote:
On 09/26/2017 12:47 AM, William Park via talk wrote:
To network experts...
From Wireshark, I can click "TCP Follow" tab and extract one-way data flow from a tcp stream. I can do this manually, one by one. But, I have many many streams.
Does anyone know how to extract one-way data stream via script?
Google says
    tshark -q -r capture.pcapng -z follow,tcp,raw,0
where '0' is the tcp stream number 0. But, it gives me data moving both ways. I just want data moving one-way.

Doesn't following stream in Wireshark also capture both directions? Perhaps, after exporting, you could filter out what you need.

You could capture only one-way traffic by filtering the input with something like "dst host 1.2.3.4". I am not sure how that would impact the tcp stream following though.

--
Alvin Starr || land: (905)513-7688
Netvel Inc. || Cell: (416)806-0133
alvin@netvel.net ||