Re: tshark Question

[Average Guy <averageguy333 () yahoo com>]

Better way of putting this, I am looking for the same output as in Wireshark:

Follow TCP Stream->Save As(Raw) 



________________________________
From: Average Guy <averageguy333 () yahoo com>
To: wireshark-dev () wireshark org
Sent: Mon, December 27, 2010 1:41:17 PM
Subject: [Wireshark-dev] tshark Question


Greetings,

I am trying to extract the TCP Payload from reassembled TCP streams in Windows. 
The data I am interested in  can be found  in tshark output when -x option is 
used. When -x is used, the  section/filed is called "Reassembled TCP". I can not 
find an option or  field in tshark to print or output this section. I have 
looked at the  source code and found the section printing this field when -x is 
used,  but I was wondering is there is an easier way to get access to this  
field instead of changing stuff in the source and recompiling in  Windows.In 
short I am trying to  do the same thing tcpflow does in Linux and dump the 
payload of reassembled TCP streams. There is no particular  reason why I am 
using tshark since it is the only tool(win32) I have  found so far but I am open 
to suggestions.  Thank you in advance. 


AG



___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe