tshark get data from interface or pcap files. When it read data from interface, user has to write filter with -f (accortding to pcap-filter(7)) and when read from file user has to write filter with -Y (according to wireshark-filter(4))
**My scenario:**
I have to read pcap files, So I have to use wireshark-filter syntax.I have src address, dst address, src port and dst port. But I don't know type of session(TCP or UDP). wireshark syntax has the following options for port: tcp.dstport tcp.srcport udp.dstport udp.srcport tcp.port udp.port I don't know my packets are TCP or UDP, and I need to write filter according to dst port and src port. How to implement with
tshark and -Y?
Asked by PersianGulf
(11308 rep)
Mar 2, 2022, 10:06 AM
Last activity: Dec 23, 2022, 03:44 PM
Last activity: Dec 23, 2022, 03:44 PM