| 12345678910111213141516171819202122232425262728293031323334 |
- #!/bin/bash
- # Usage: ./extract-tcp.sh input.pcap output.txt
- if [ "$#" -ne 2 ]; then
- echo "Usage: $0 <input.pcap> <output.txt>"
- exit 1
- fi
- INPUT="$1"
- OUTPUT="$2"
- # Extract TCP packet information with headers and payload data
- tshark -r "$INPUT" -Y "tcp" -T fields \
- -e data \
- -e frame.number \
- -e frame.time_relative \
- -e ip.src \
- -e ip.dst \
- -e tcp.srcport \
- -e tcp.dstport \
- -e tcp.seq \
- -e tcp.ack \
- -e tcp.flags \
- -e tcp.flags.syn \
- -e tcp.flags.ack \
- -e tcp.flags.fin \
- -e tcp.flags.reset \
- -e tcp.flags.push \
- -e tcp.len \
- -E header=y \
- -E separator="|" > "$OUTPUT"
- echo "TCP packet analysis written to $OUTPUT"
- echo "Format: HexData|Frame#|Time|SrcIP|DstIP|SrcPort|DstPort|Seq|Ack|Flags|SYN|ACK|FIN|RST|PSH|DataLen"
|
