I am trying to filter a capture file that was captured by a remote AP. If i pull the file to my laptop i can open in Wireshark decode as peekremote and create the display filter EAPOL to get the packets i want.
However i have about 100Gbs of data on the capture server and i would like to know if i can do this with Tshark or other tool on the linux server directly
Something like this but this just copies the file I just want to output the files to the EAP traffic. Does anyone have any thoughts I am not use to dealing with tshark.
tshark -r capture-18.pcap -J eapol -w test.pcap
Asked by DevilWAH
(101 rep)
Feb 3, 2023, 04:08 PM
Last activity: Feb 3, 2023, 08:23 PM
Last activity: Feb 3, 2023, 08:23 PM