Better way of putting this, I am looking for the same output as in Wireshark:
Follow TCP Stream -> Save As (Raw)
From: Average Guy <averageguy333@xxxxxxxxx>
To: wireshark-dev@xxxxxxxxxxxxx
Sent: Mon, December 27, 2010 1:41:17 PM
Subject: [Wireshark-dev] tshark Question
Greetings,
I am trying to extract the TCP payload from reassembled TCP streams in
Windows. The data I am interested in can be found in tshark output when
the -x option is used. When -x is used, the section/field is called
"Reassembled TCP". I cannot find an option or field in tshark to print
or output this section. I have looked at the source code and found the
section printing this field when -x is used, but I was wondering if
there is an easier way to get access to this field instead of changing
stuff in the source and recompiling in Windows.

In short, I am trying to do the same thing tcpflow does in Linux and
dump the payload of reassembled TCP streams. There is no particular
reason why I am using tshark since it is the only tool (win32) I have
found so far, but I am open to suggestions. Thank you in advance.
AG