Created
May 19, 2015 12:51
This script creates a tshark command that can be used to filter the TCP streams that were initiated by the client side.
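#!/bin/bash
# Extract the TCP streams that 10.0.1.1 initiated from ip_complete.pcap.
#
# Pass 1 lists the tcp.stream index of every packet sent by 10.0.1.1 with
#        SYN set and ACK clear, and saves the list to ./stream_names.
# Pass 2 builds one read filter that selects those streams, prints the
#        resulting tshark command, and runs it to write test.pcap.
#
# Inputs:  ip_complete.pcap (current directory)
# Outputs: stream_names, test.pcap; the pass-2 command on stdout
# Returns: non-zero if tshark fails or no usable stream index was found
set -u

pcap=ip_complete.pcap
client=10.0.1.1
stream_list=stream_names
out=test.pcap

if ! tshark -r "$pcap" \
  -2R "ip.src==$client and tcp.flags.syn==1 and tcp.flags.ack!=1" \
  -n -Tfields -e tcp.stream > "$stream_list"; then
  printf 'tshark could not list streams from %s\n' "$pcap" >&2
  exit 1
fi
# No delay is needed here: tshark has exited and the redirection is closed
# before the next command starts.

# stream_names is a plain file in the working directory, so its content is
# validated as data: only decimal stream indices reach the filter.
digits='^[0-9]+$'
clauses=""
while IFS= read -r line || [[ -n "$line" ]]; do
  if [[ ! "$line" =~ $digits ]]; then
    [[ -z "$line" ]] ||
      printf 'skipping unexpected entry in %s: %q\n' "$stream_list" "$line" >&2
    continue
  fi
  # Join with " or " directly, so no placeholder stream number is needed to
  # close the expression (a placeholder could match a real stream).
  clauses="${clauses:+$clauses or }tcp.stream eq $line"
done < "$stream_list"

if [[ -z "$clauses" ]]; then
  printf 'no streams initiated by %s found in %s; %s not written\n' \
    "$client" "$pcap" "$out" >&2
  exit 1
fi

# Run from an argv array instead of eval: the filter is passed to tshark as
# one argument and is never re-parsed by the shell.
cmd=(tshark -r "$pcap" -2R "ip.src==$client and ($clauses)" -w "$out")
printf '%q ' "${cmd[@]}"
printf '\n'
"${cmd[@]}"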