Sam Stelfox

Thoughts from a software engineer, systems hacker and Linux gubernāre.


yum install wireshark -y

Streams w/ PCAPs

First you'll need to extract the stream numbers:

tshark -r dump.pcap -T fields -e

Then you can extract the content of the streams using the stream number you specified:

tshark -r dump.pcap -T fields -e text eq $stream