Rawshark is an "extras" utility bundled with Wireshark that can read streams. For example, given the 4-packet dhcp.pcap from the Wireshark samples page, we can get UDP port information:

`cat dhcp.pcap | rawshark -s -r - -d encap:1 -F udp.port`

`FT_UINT16 BASE_PT_UDP - 1 FT_UINT16 BASE_PT_UDP`

There are multiple annoyances with the tool and the output:

- It doesn't integrate well with other Wireshark tools.
- You MUST send in raw packets without the header, and only the pcap format is understood (i.e. works, but not `tshark -r dhcp.pcap | rawshark`).
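An added example, not from the original page: a Python check that a capture is classic pcap rather than pcapng, which then splits off the file header and returns the per-packet records. It assumes "the header" above means the 24-byte pcap file header; `split_pcap` and `build_sample_pcap` are names made up here, and the sample capture is constructed.

```python
import struct

PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
}
PCAPNG_MAGIC = b"\x0a\x0d\x0d\x0a"  # pcapng Section Header Block type
GLOBAL_HDR_LEN = 24   # pcap file header
RECORD_HDR_LEN = 16   # per-packet header: ts_sec, ts_usec, incl_len, orig_len


def split_pcap(data: bytes):
    """Return (linktype, records) for a classic pcap byte string.

    Each record is the 16-byte per-packet header plus the captured bytes,
    i.e. the stream that remains once the 24-byte file header is dropped.
    """
    magic = data[:4]
    if magic == PCAPNG_MAGIC:
        raise ValueError("pcapng capture, not classic pcap")
    if magic not in PCAP_MAGICS or len(data) < GLOBAL_HDR_LEN:
        raise ValueError("not a classic pcap file")
    endian = PCAP_MAGICS[magic]
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    records, offset = [], GLOBAL_HDR_LEN
    while offset < len(data):
        hdr = data[offset:offset + RECORD_HDR_LEN]
        if len(hdr) < RECORD_HDR_LEN:
            raise ValueError("truncated record header at offset %d" % offset)
        incl_len = struct.unpack(endian + "I", hdr[8:12])[0]
        end = offset + RECORD_HDR_LEN + incl_len
        if end > len(data):
            raise ValueError("truncated packet at offset %d" % offset)
        records.append(data[offset:end])
        offset = end
    return linktype, records


def build_sample_pcap():
    """Constructed sample: two dummy packets in a little-endian pcap."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for payload in (b"\x00" * 14, b"\xff" * 20):
        out += struct.pack("<IIII", 0, 0, len(payload), len(payload)) + payload
    return out
```

For Ethernet the link type in the file header is 1, the value used with `-d encap:1` above.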