Wireshark mailing list archives

Display like filter without using Wireshark GUI.


From: sean bzd <seanbzd () gmail com>
Date: Sat, 5 Dec 2009 14:40:35 -0500

Wireshark experts,
Probably a dumb question, but is there a concept of a display filter without
using the Wireshark GUI? Meaning that I'm capturing traffic using dumpcap using
some capture filter. Is there a way to filter further (like a display
filter) without loading the .pcap file in Wireshark? I'm interested in
locating a byte series (e.g. 04 02 FF 01 32) in the capture files. I know how
to do this in Wireshark but am wondering if there is a way to do this using
some other tool so that I can use some kind of script to determine if the
capture files contain this series instead of loading each capture file in
Wireshark and applying the display filter. I also tried using tshark's
option of saving the capture file in ASCII format and looking for a series,
but it breaks down if the bytes are spread across multiple lines.

TIA,
Sean
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
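
One way to script the check asked about above, as an added example that is not part of the original post or of Wireshark: a Python scanner that reads classic pcap records directly and searches each frame's raw bytes, so the series can never be split by text-dump line wrapping. The function names and the sample capture are constructed for illustration; pcapng files are assumed out of scope.

```python
import struct
import sys

# Classic pcap magic numbers mapped to the struct byte-order prefix.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",   # microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",   # nanosecond timestamps
}

def frames_containing(pcap_bytes, pattern):
    """Return 1-based frame numbers whose captured bytes contain `pattern`."""
    order = PCAP_MAGICS.get(pcap_bytes[:4])
    if order is None or len(pcap_bytes) < 24:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    hits, offset, frame_no = [], 24, 0          # skip the 24-byte global header
    while offset + 16 <= len(pcap_bytes):       # 16-byte per-record header
        _sec, _frac, incl_len, _orig_len = struct.unpack_from(
            order + "IIII", pcap_bytes, offset)
        data = pcap_bytes[offset + 16:offset + 16 + incl_len]
        if len(data) < incl_len:
            break                               # truncated final record
        offset += 16 + incl_len
        frame_no += 1
        if pattern in data:                     # raw bytes, so no line wrapping
            hits.append(frame_no)
    return hits

def build_sample_pcap(payloads):
    """Constructed test input: a little-endian pcap holding the given payloads."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, p in enumerate(payloads):
        out += struct.pack("<IIII", i, 0, len(p), len(p)) + p
    return out

if __name__ == "__main__":
    needle = bytes.fromhex("04 02 FF 01 32")    # byte series from the post
    paths = sys.argv[1:]
    if not paths:                               # no files given: use constructed sample
        sample = build_sample_pcap([b"\x00" * 20, b"\xaa" * 30 + needle + b"\xbb" * 4])
        print("sample:", frames_containing(sample, needle))
    for path in paths:
        with open(path, "rb") as fh:
            print(path, frames_containing(fh.read(), needle))
```

The match is confined to one captured frame, so a series split across two packets (for example across TCP segments) is not reported.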