November 7, 2013

Tshark decode and dump packets

Given a capture file, use the following command to decode and dump its first frame:

tshark -r ~/hcm_stigs/snmp.pcapng -Y frame.number==1 -Vx

-V: decode and print the packet details
-x: print the packet data as a hex and ASCII dump
-Y frame.number==1: display filter that selects only the first frame
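
Added example (not part of the original post): a Python parser that turns the hex dump printed by -x back into raw bytes, reading only the hex columns so that ASCII text which happens to look like hex is not misread. The sample output and the name parse_hex_dumps are constructed for illustration, and the layout of 16 bytes per line is an assumption.

```python
import re

# Constructed sample of `tshark -Vx` output (not from a real capture). The
# ASCII column of the last line reads "be ef ad", which itself looks like hex.
SAMPLE = """\
Frame 1: 24 bytes on wire (192 bits), 24 bytes captured (192 bits)

0000  00 11 22 33 44 55 66 77 88 99 aa bb 08 00 45 00   .."3DUfw......E.
0010  62 65 20 65 66 20 61 64                           be ef ad
"""

# Assumed layout: hex offset, two spaces, up to 16 "xx " groups (48 columns),
# then the ASCII rendering. Only the 48-column hex field is captured.
DUMP_LINE = re.compile(r"^([0-9a-fA-F]{4,})  (.{1,48})")
HEX_BYTE = re.compile(r"[0-9a-fA-F]{2}")


def parse_hex_dumps(text):
    """Return one bytes object per hex dump block found in text."""
    blocks = []
    for line in text.splitlines():
        m = DUMP_LINE.match(line)
        if not m:
            continue  # decoded -V detail lines and blank lines
        offset = int(m.group(1), 16)
        if offset == 0:
            blocks.append(bytearray())  # offset 0 starts a new dump
        if not blocks or offset != len(blocks[-1]):
            raise ValueError(f"hex dump gap or truncation at offset {offset:#06x}")
        for token in m.group(2).split():
            if not HEX_BYTE.fullmatch(token):
                break  # defensive: never read into the ASCII column
            blocks[-1].append(int(token, 16))
    return [bytes(b) for b in blocks]


if __name__ == "__main__":
    for data in parse_hex_dumps(SAMPLE):
        print(len(data), data.hex())
```

The offset check makes a dump with missing or reordered lines fail loudly instead of silently yielding a shorter payload.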
