All,
I simplified this email from the last post, but basically, I want to
extract all message bodies from network traffic using tshark at the command
prompt. We are doing this for all email originating within our network but not
using our mail servers. I see all the available fields in the
how to extract this data using tshark at a command line. Any
thoughts?
<snipped all frame, udp, etc. stuff>
On Wed, Mar 26, 2008 at 04:06:50PM -0500, Mark Sass wrote:
> I am trying to extract fie
All,
I am trying to extract fields from pcap files using tshark. I am currently
using a format like this:
tshark -r pcapfile -R "tcp.port eq xxx" -Tfields -e field1 -e field2
I don't see the fields I wanted listed on the Wireshark display filter
reference listing, and when looking at the