Greetings,

I am trying to extract the TCP payload from reassembled TCP streams in Windows.
The data I am interested in can be found in tshark output when the -x option is
used. When -x is used, the section/field is called "Reassembled TCP". I cannot
find an option or field in tshark to print or output this section. I have
looked at the source code and found the section printing this field when -x is
used, but I was wondering if there is an easier way to get access to this field
instead of changing stuff in the source and recompiling in Windows.

In short, I am trying to do the same thing tcpflow does in Linux and dump the
payload of reassembled TCP streams. There is no particular reason why I am using
tshark, since it is the only tool (win32) I have found so far, but I am open to
suggestions. Thank you in advance.

AG
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
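
An added example (not part of the original post, and not tshark or tcpflow code): a standard-library Python sketch of the tcpflow-style dump described above. It orders each direction's TCP segments by sequence number, trims overlaps and retransmissions, and stops at a gap. The names tcp_streams, make_record, PCAP_HDR and SAMPLE are hypothetical; it assumes a classic little-endian pcap file (not pcapng), Ethernet/IPv4 framing, no IP fragmentation and no sequence-number wrap.

```python
import struct
from collections import defaultdict

def tcp_streams(pcap: bytes) -> dict:
    """Map (src, sport, dst, dport) -> reassembled payload per TCP direction."""
    if struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    segs, off = defaultdict(dict), 24            # skip 24-byte global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from("<I", pcap, off + 8)[0]
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                             # keep only IPv4 carrying TCP
        ihl = (frame[14] & 0x0F) * 4
        total = struct.unpack_from("!H", frame, 16)[0]
        tcp = frame[14 + ihl:14 + total]         # drops Ethernet padding
        if len(tcp) < 20:
            continue                             # truncated TCP header
        sport, dport, seq = struct.unpack_from("!HHI", tcp)
        data = tcp[(tcp[12] >> 4) * 4:]
        if data:                                 # first copy of a seq wins
            src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
            segs[(src, sport, dst, dport)].setdefault(seq, data)
    out = {}
    for key, by_seq in segs.items():
        buf, nxt = b"", min(by_seq)              # assumes no 32-bit seq wrap
        for seq in sorted(by_seq):
            if seq > nxt:
                break                            # gap: stop rather than guess
            buf += by_seq[seq][nxt - seq:]       # trim bytes already emitted
            nxt = max(nxt, seq + len(by_seq[seq]))
        out[key] = buf
    return out

# Constructed sample: one direction, out of order, overlapping, retransmitted.
PCAP_HDR = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)

def make_record(seq: int, data: bytes) -> bytes:
    tcp = struct.pack("!HHIIBBHHH", 1234, 80, seq, 0, 0x50, 0x18, 8192, 0, 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    eth = b"\x00" * 12 + b"\x08\x00" + ip + tcp
    return struct.pack("<IIII", 0, 0, len(eth), len(eth)) + eth

SAMPLE = PCAP_HDR + b"".join(make_record(s, d) for s, d in [
    (1006, b"HTTP/1.0\r\n\r\n"), (1000, b"GET / "), (1004, b"/ HT"), (1000, b"GET / ")])

if __name__ == "__main__":
    print(tcp_streams(SAMPLE))
```

To use it on a real capture, pass the bytes of a file read in binary mode to tcp_streams and write each returned payload to its own file.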