#!/bin/bash
# Usage: ./extract-tcp.sh input.pcap output.txt

if [ "$#" -ne 2 ]; then
    echo "Usage: $0 <input.pcap> <output.txt>"
    exit 1
fi

INPUT="$1"
OUTPUT="$2"

# Extract TCP packet information with headers and payload data
tshark -r "$INPUT" -Y "tcp" -T fields \
    -e data \
    -e frame.number \
    -e frame.time_relative \
    -e ip.src \
    -e ip.dst \
    -e tcp.srcport \
    -e tcp.dstport \
    -e tcp.seq \
    -e tcp.ack \
    -e tcp.flags \
    -e tcp.flags.syn \
    -e tcp.flags.ack \
    -e tcp.flags.fin \
    -e tcp.flags.reset \
    -e tcp.flags.push \
    -e tcp.len \
    -E header=y \
    -E separator="|" > "$OUTPUT"

echo "TCP packet analysis written to $OUTPUT"
echo "Format: HexData|Frame#|Time|SrcIP|DstIP|SrcPort|DstPort|Seq|Ack|Flags|SYN|ACK|FIN|RST|PSH|DataLen"