Re: tshark Question

[Abhijit Bare <abhibare () gmail com>]

Wondering if this thread will help you...

http://www.wireshark.org/lists/wireshark-users/201005/msg00221.html

On Mon, Dec 27, 2010 at 1:19 PM, Average Guy <averageguy333 () yahoo com>wrote:

> Better way of putting this, I am looking for the same output as in
> wireshark:
>
> Follow TCP Stream->Save As(Raw)
>
> -AG
>
> ------------------------------
> *From:* Average Guy <averageguy333 () yahoo com>
> *To:* wireshark-users () wireshark org
> *Sent:* Mon, December 27, 2010 1:27:14 PM
> *Subject:* [Wireshark-users] tshark Question
>
> Greetings,
>
> I am trying to extract the TCP Payload from reassembled TCP streams in
> Windows. The data I am interested in can be found in tshark output when -x
> option is used. When -x is used, the section/filed is called "Reassembled
> TCP". I can not find an option or field in tshark to print or output this
> section. In short I am trying to do the same thing tcpflow does in Linuxand dump the payload of reassembled TCP 
> streams. There is no particular
> reason why I am using tshark since it is the only tool(win32) I have found
> so far but I am open to suggestions.  Thank you in advance.
>
> AG
>
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe