On Tue, Sep 26, 2017 at 07:11:48AM -0400, James Knott via talk wrote: > On 09/26/2017 12:47 AM, William Park via talk wrote: > > To network experts... > > > > From Wireshark, I can click "TCP Follow" tab and extract one-way data > > flow from a tcp stream. I can do this manually, one by one. But, I > > have many many streams. > > > > Does anyone know how to extract one-way data stream via script? > > > > Google says > > tshark -q -r capture.pcapng -z follow,tcp,raw,0 > > where '0' is the tcp stream number 0. But, it gives me data moving both > > ways. I just want data moving one-way. > > Doesn't following stream in Wireshark also capture both directions? > Perhaps, after exporting, you could filter out what you need.
How to filter it using Wireshark/Tshark/etc? :-) I can filter after-the-fact, but it's messy. -- William Park <[email protected]> --- Talk Mailing List [email protected] https://gtalug.org/mailman/listinfo/talk
