Hi,
I was wondering if there is any way of exporting objects from a pcap file using the command line. While the wireshark GUI and Network miner do a neat job of this, I need to export the objects as part of a script I'm working on. Tried Google, no luck. Would be grateful for any pointers on this. Thanks.
Wireshark
Started by
s.in
, Feb 03 2012 12:37 AM
2 replies to this topic
#2
.solo
-
- Members
-
- 80 posts
Gibson Hacker
Posted 10 February 2012 - 12:21 AM
You are looking for tshark (http://www.wireshark...ges/tshark.html).
#3
s.in
-
- Members
-
- 33 posts
H4x0r
Posted 10 February 2012 - 02:00 AM
Thanks for the response.
I've been looking at tshark and using it for picking up other stuff from my pcap
e.g. "tshark -r file.pcap -V -T fields -e http.cookie -e http.referer -e frame.time"
However,the problem i'm facing is in identifying / exporting objects, as opposed to data elements.
Would be grateful for a pointer - tshark or wireshark documentation dosent address this at all
I've been looking at tshark and using it for picking up other stuff from my pcap
e.g. "tshark -r file.pcap -V -T fields -e http.cookie -e http.referer -e frame.time"
However,the problem i'm facing is in identifying / exporting objects, as opposed to data elements.
Would be grateful for a pointer - tshark or wireshark documentation dosent address this at all
BinRev is hosted by the great people at Lunarpages!
