Diffstat (limited to 'executables/extract-tcp.sh')
| -rw-r--r-- | executables/extract-tcp.sh | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/executables/extract-tcp.sh b/executables/extract-tcp.sh
new file mode 100644
index 0000000..26a6f91
--- /dev/null
+++ b/executables/extract-tcp.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+# Usage: ./extract-tcp.sh input.pcap output.txt
+
+if [ "$#" -ne 2 ]; then
+ echo "Usage: $0 <input.pcap> <output.txt>"
+ exit 1
+fi
+
+INPUT="$1"
+OUTPUT="$2"
+
+# Extract TCP packet information with headers and payload data
+tshark -r "$INPUT" -Y "tcp" -T fields \
+ -e data \
+ -e frame.number \
+ -e frame.time_relative \
+ -e ip.src \
+ -e ip.dst \
+ -e tcp.srcport \
+ -e tcp.dstport \
+ -e tcp.seq \
+ -e tcp.ack \
+ -e tcp.flags \
+ -e tcp.flags.syn \
+ -e tcp.flags.ack \
+ -e tcp.flags.fin \
+ -e tcp.flags.reset \
+ -e tcp.flags.push \
+ -e tcp.len \
+ -E header=y \
+ -E separator="|" > "$OUTPUT"
+
+echo "TCP packet analysis written to $OUTPUT"
+echo "Format: HexData|Frame#|Time|SrcIP|DstIP|SrcPort|DstPort|Seq|Ack|Flags|SYN|ACK|FIN|RST|PSH|DataLen"
|
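Review bot: The closing `echo "TCP packet analysis written to $OUTPUT"` runs even when tshark fails, because the script has no `set -e` and never checks the exit status of the tshark command; an unreadable or truncated capture, or a missing tshark binary, then leaves an empty or partial output file that can be misread as "no TCP traffic" during analysis. Ending the command with `-E separator="|" > "$OUTPUT" || { echo "tshark failed on $INPUT" >&2; exit 1; }` would surface the failure. The first column comes from `-e data`, which as far as I know is only filled when no higher-layer dissector claims the segment, so rows for decoded protocols would likely show an empty HexData column; `-e tcp.payload` may be what the comment intends, and is worth confirming against the tshark version in use. Since the output holds raw payload bytes, which can include credentials, a `umask 077` before the redirect would keep the file from being created world-readable.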
