Search for a string in packet bytes of a pcap file using tshark

I am able to search for a string in the in packet bytes of a pcap capture using Wireshark. Is there similar functionality available in tshark ?

I already have the pcap files. But I need to go through them quickly to find the matching strings in the packet bytes.

3

1 Answer

You ought to be able to find packets containing strings of interest using either the contains or matches operators, depending on your needs. For example:

tshark -r foo.pcap -Y "frame contains foo"

For more information on Wireshark display filters, refer to the wireshark-filter man page.

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password Submit

Post as a guest

Post Your Answer Discard

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy