On 09/26/2017 07:11 AM, James Knott via talk wrote:
On 09/26/2017 12:47 AM, William Park via talk wrote:
To network experts...

From Wireshark, I can click "TCP Follow" tab and extract one-way data
flow from a tcp stream.  I can do this manually, one by one.  But, I
have many many streams.

Does anyone know how to extract one-way data stream via script?

Google says
     tshark -q -r capture.pcapng -z follow,tcp,raw,0
where '0' is the tcp stream number 0.  But, it gives me data moving both
ways.  I just want data moving one-way.
Doesn't following stream in Wireshark also capture both directions?
Perhaps, after exporting, you could filter out what you need.


You could capture only one-way traffic by filtering the input with something like "dst host 1.2.3.4".
I am not sure how that would impact the  tcp stream following though.

--
Alvin Starr                   ||   land:  (905)513-7688
Netvel Inc.                   ||   Cell:  (416)806-0133
[email protected]              ||

---
Talk Mailing List
[email protected]
https://gtalug.org/mailman/listinfo/talk
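
An added example, not part of any poster's message: one way to do the "filter after exporting" step on the output of the `tshark -z follow,tcp,raw,0` command quoted above. It assumes that in this output format the lines sent by Node 1 are indented with a tab and the lines sent by Node 0 are not; the function name `split_follow_raw` and the sample text are constructed for illustration.

```python
import sys

# Constructed sample of `tshark -q -r capture.pcapng -z follow,tcp,raw,0` output.
# Assumption: data sent by Node 1 is tab-indented, data sent by Node 0 is not.
SAMPLE = (
    "===================================================================\n"
    "Follow: tcp,raw\n"
    "Filter: tcp.stream eq 0\n"
    "Node 0: 10.0.0.5:51234\n"
    "Node 1: 10.0.0.9:80\n"
    "474554202f20485454502f312e300d0a0d0a\n"
    "\t485454502f312e3020323030204f4b0d0a\n"
    "\t0d0a68656c6c6f\n"
    "===================================================================\n"
)


def split_follow_raw(text):
    """Return (nodes, data): endpoint names and the bytes each node sent."""
    nodes = {}
    data = {0: bytearray(), 1: bytearray()}
    in_body = False
    for line in text.splitlines():
        if line.startswith("="):        # separator opens or closes a block
            in_body = False
            continue
        if line.startswith("Node "):    # "Node 0: ip:port" header lines
            idx, addr = line[5:].split(": ", 1)
            nodes[int(idx)] = addr
            in_body = True
            continue
        if not in_body or not line.strip():
            continue                    # "Follow:" / "Filter:" lines, blanks
        direction = 1 if line.startswith("\t") else 0
        try:
            data[direction] += bytes.fromhex(line.strip())
        except ValueError:
            raise ValueError(f"not a raw hex line: {line!r}")
    return nodes, {k: bytes(v) for k, v in data.items()}


if __name__ == "__main__":
    # Usage: tshark -q -r capture.pcapng -z follow,tcp,raw,0 | python3 split.py 1
    side = int(sys.argv[1]) if len(sys.argv) > 1 else 0
    _, streams = split_follow_raw(sys.stdin.read())
    sys.stdout.buffer.write(streams[side])
```

Looping the tshark command over stream numbers and piping each run through this script gives one file per stream and direction.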
