tshark and pcapline from Wesley McGrew

I ran into a case where I wanted to separate out the individual TCP streams in a pcap, and I found a couple of solutions that met my needs. The first uses tshark; I found it at the link referenced in the script's header comment, adapted it, and saved it as the bash script below:


#!/bin/bash
# Splits a pcap into one capture file per TCP stream (Wireshark's tcp.stream index).
# Adapted from the script found at https://ask.wireshark.org/questions/4677/easy-way-to-save-tcp-streams

# Check that the pcap file argument has been supplied
if [ $# -eq 0 ]; then
    echo "Usage: ./script.sh file.pcap"
    exit 1
fi

pcapFile="$1"
outputDir="output"

# Create the output directory if it does not exist
if [ ! -d "$outputDir" ]; then
    mkdir "$outputDir"
fi

# Write each TCP stream to its own file. Non-TCP packets print an empty
# tcp.stream field, which word splitting of the command output drops.
for stream in $(tshark -r "$pcapFile" -T fields -e tcp.stream | sort -n | uniq); do
    tshark -r "$pcapFile" -w "$outputDir/stream-$stream.cap" -Y "tcp.stream==$stream"
done
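
The loop above re-reads the whole capture once per stream, so on a large pcap with thousands of conversations it gets slow. The following is an added example, not the blog's script and not pcapline's code: a stdlib-only Python splitter that does the same job in a single pass by grouping packets on the direction-independent IPv4/TCP 4-tuple and writing one stream-N.cap file per conversation, mirroring the script's file naming. It assumes a classic little-endian pcap (not pcapng) with Ethernet framing and IPv4, and numbers streams in first-seen order; unlike tshark's tcp.stream it does not start a new stream when the same ports are reused for a later connection. The sample capture it splits is constructed in the code, not real traffic.

```python
"""Split a pcap into one file per TCP conversation in a single pass (stdlib only)."""
import os
import struct
import tempfile

PCAP_MAGIC = 0xA1B2C3D4   # little-endian pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6

def pcap_global_header():
    # magic, version 2.4, thiszone, sigfigs, snaplen, linktype
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)

def iter_records(data):
    """Yield (16-byte record header, frame bytes) for every packet in a pcap."""
    magic = struct.unpack_from("<I", data, 0)[0]
    linktype = struct.unpack_from("<I", data, 20)[0]
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("expected a little-endian pcap with Ethernet link type")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from("<I", data, off + 8)[0]
        yield data[off:off + 16], data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len

def tcp_conversation_key(frame):
    """Direction-independent ((ip, port), (ip, port)) key, or None if not IPv4/TCP."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != IPPROTO_TCP or len(ip) < ihl + 4:
        return None
    sport, dport = struct.unpack_from("!HH", ip, ihl)
    # Sorting the endpoints makes both directions of a conversation share one key
    return tuple(sorted([(ip[12:16], sport), (ip[16:20], dport)]))

def split_streams(pcap_bytes, out_dir):
    """Write stream-N.cap files into out_dir; return ({index: packet_count}, skipped)."""
    os.makedirs(out_dir, exist_ok=True)
    streams, skipped = {}, 0   # dict keeps first-seen order, like tcp.stream numbering
    for hdr, frame in iter_records(pcap_bytes):
        key = tcp_conversation_key(frame)
        if key is None:
            skipped += 1          # ARP, UDP, ICMP ... are not part of any TCP stream
            continue
        streams.setdefault(key, []).append(hdr + frame)
    counts = {}
    for idx, records in enumerate(streams.values()):
        with open(os.path.join(out_dir, "stream-%d.cap" % idx), "wb") as fh:
            fh.write(pcap_global_header() + b"".join(records))
        counts[idx] = len(records)
    return counts, skipped

def packet_count(path):
    """Re-read a written file and count its records (round-trip check)."""
    with open(path, "rb") as fh:
        return sum(1 for _ in iter_records(fh.read()))

def make_frame(src_ip, sport, dst_ip, dport, proto=IPPROTO_TCP, payload=b""):
    """Constructed Ethernet/IPv4/{TCP,UDP} frame with zeroed checksums (not real traffic)."""
    if proto == IPPROTO_TCP:
        # sport, dport, seq, ack, data offset 5, flags PSH|ACK, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 65535, 0, 0)
    else:  # UDP header: sport, dport, length, checksum
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    l4 += payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    eth = b"\x00" * 6 + b"\x11" * 6 + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + l4

def sample_pcap():
    """Two TCP conversations (one seen in both directions) plus one UDP datagram."""
    frames = [
        make_frame("10.0.0.1", 1234, "10.0.0.2", 80, payload=b"GET / HTTP/1.0\r\n\r\n"),
        make_frame("10.0.0.2", 80, "10.0.0.1", 1234, payload=b"HTTP/1.0 200 OK\r\n"),
        make_frame("10.0.0.1", 1235, "10.0.0.2", 443),
        make_frame("10.0.0.1", 5353, "10.0.0.2", 53, proto=17, payload=b"udp"),
        make_frame("10.0.0.1", 1234, "10.0.0.2", 80, payload=b"bye"),
    ]
    records = (struct.pack("<IIII", ts, 0, len(f), len(f)) + f for ts, f in enumerate(frames))
    return pcap_global_header() + b"".join(records)

def demo(out_dir=None):
    """Split the sample capture into a temp dir; return a summary for inspection."""
    out_dir = out_dir or tempfile.mkdtemp(prefix="streams-")
    counts, skipped = split_streams(sample_pcap(), out_dir)
    files = sorted(os.listdir(out_dir))
    return {"out_dir": out_dir, "counts": counts, "skipped": skipped, "files": files,
            "reparsed": [packet_count(os.path.join(out_dir, f)) for f in files]}

if __name__ == "__main__":
    print(demo())
```

Running the file splits the constructed capture into two files (stream-0.cap with three packets from the port 80 conversation, stream-1.cap with one) and reports the UDP datagram as skipped. For a real capture, read the file into bytes and call split_streams(data, "output"); the resulting files open in Wireshark like the ones the tshark loop produces.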

The second tool is pcapline by Wesley McGrew. I made only one change: fixing the title tag in the generated HTML so that the report renders correctly in Chrome and Firefox. The original code is located here, and the version with my change is on my drive here.

