On 09/26/2017 12:47 AM, William Park via talk wrote: > To network experts... > > From Wireshark, I can click "TCP Follow" tab and extract one-way data > flow from a tcp stream. I can do this manually, one by one. But, I > have many many streams. > > Does anyone know how to extract one-way data stream via script? > > Google says > tshark -q -r capture.pcapng -z follow,tcp,raw,0 > where '0' is the tcp stream number 0. But, it gives me data moving both > ways. I just want data moving one-way.
Doesn't following stream in Wireshark also capture both directions? Perhaps, after exporting, you could filter out what you need. --- Talk Mailing List [email protected] https://gtalug.org/mailman/listinfo/talk
