tshark and pcapline from Wesley McGrew

I came across a situation where I wanted to separate out TCP streams, and I found a couple of solutions that met my needs. The first solution uses tshark. I found it at the link noted in the script header, and I have adapted it and saved the bash script below:

#!/bin/bash

# This script separates a pcap into one file per TCP stream (tcp.stream index).
# Adapted from the script found at https://ask.wireshark.org/questions/4677/easy-way-to-save-tcp-streams

# Check that the pcap file argument has been supplied
if [ $# -eq 0 ]; then
	echo "Usage: ./script.sh file.pcap"
	echo
	exit 1
else
	pcapFile="$1"
fi

# Create the output directory if it does not exist
outputDir="output"
if [ ! -d "$outputDir" ]; then
	mkdir "$outputDir"
fi

# Separate the streams into separate files. Non-TCP packets produce an empty
# tcp.stream field, which the for loop's word splitting discards.
for stream in $(tshark -r "$pcapFile" -T fields -e tcp.stream | sort -n | uniq)
do
	tshark -r "$pcapFile" -w "$outputDir/stream-$stream.cap" -Y "tcp.stream==$stream"
done

The second script was pcapline by Wesley McGrew. I only made one change, fixing the title tag in the HTML so that the output renders correctly in Chrome and Firefox. The original code is located here, and the version with my change incorporated is on my drive here.
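As an added example (not from this post, the Wireshark answer, or pcapline), here is the same per-stream split done in Python without tshark: it parses the classic pcap format directly, keys each packet on the unordered (address, port) pair so both directions of a connection land in one stream, numbers streams in first-seen order as tcp.stream does, and drops non-TCP frames as the -Y filter would. Assumptions: little-endian microsecond pcap with the Ethernet link type, IPv4 only, and no detection of a 4-tuple being reused after a close (tshark would start a new stream there); make_frame, make_pcap and SAMPLE_PCAP are constructed sample data, not a real capture.

```python
import struct
PCAP_MAGIC = 0xA1B2C3D4  # little-endian, microsecond-resolution pcap

def tcp_key(frame):
    """Direction-independent conversation key for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 38 or frame[12:14] != b"\x08\x00":  # too short, or not IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[23] != 6 or len(frame) < 18 + ihl:  # not TCP, or TCP ports truncated
        return None
    sport, dport = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
    return frozenset([(frame[26:30], sport), (frame[30:34], dport)])

def split_tcp_streams(pcap_bytes):
    """Return {stream_index: pcap_bytes}, one pcap per TCP conversation, numbered first-seen."""
    global_hdr = pcap_bytes[:24]
    magic, _, _, _, _, _, linktype = struct.unpack("<IHHiIII", global_hdr)
    if magic != PCAP_MAGIC or linktype != 1:  # 1 = DLT_EN10MB (Ethernet)
        raise ValueError("expected little-endian pcap with Ethernet link type")
    index_of, streams, off = {}, {}, 24
    while off + 16 <= len(pcap_bytes):
        rec_hdr = pcap_bytes[off:off + 16]          # ts_sec, ts_usec, incl_len, orig_len
        incl_len = struct.unpack("<I", rec_hdr[8:12])[0]
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if (key := tcp_key(frame)) is not None:     # non-TCP frames are dropped
            idx = index_of.setdefault(key, len(index_of))
            streams.setdefault(idx, bytearray(global_hdr)).extend(rec_hdr + frame)
    return {i: bytes(b) for i, b in streams.items()}

# Constructed sample data: minimal Ethernet/IPv4/TCP SYN frames and a pcap around them.
def make_frame(src, dst, sport, dport):
    ip = b"\x45\x00" + struct.pack("!HHHBBH", 40, 0, 0, 64, 6, 0) + src + dst
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def make_pcap(frames):
    out = bytearray(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1))
    for ts, f in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(f), len(f)) + f
    return bytes(out)

A, B = b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02"
SAMPLE_PCAP = make_pcap([
    make_frame(A, B, 40001, 80),                 # stream 0, client -> server
    b"\x00" * 12 + b"\x08\x06" + b"\x00" * 28,   # ARP frame, not TCP: dropped
    make_frame(A, B, 40002, 443),                # stream 1
    make_frame(B, A, 80, 40001),                 # stream 0, server -> client
])
```

Writing each value of the returned dict to output/stream-N.pcap reproduces the bash script's layout, and each file opens in Wireshark showing only that conversation.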
