Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: tshark 2.4 New Feature - Command Line Export Objects - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
tshark 2.4 New Feature - Command Line Export Objects

There is nothing new about Wireshark releasing an update; however, the new 2.4 branch has new feature that is quite useful that I have been waiting to be able to use for a while. In case you missed it, tshark now has the ability to Export Objects. I have tested the export using large pcap files with multiple objects and tshark does a good job "dumping" all the files in the specified directory (i.e. destdir).

To extract HTTP or SMB objects from the command-line, run the following command:

tshark -nr file.pcap --export-objects http,destdir
tshark -nr file.pcap --export-objects smb,destdir


[1] https://www.wireshark.org/#download

-----------
Guy Bruneau IPSS Inc.
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu

 Guy

522 Posts
ISC Handler
Aug 19th 2017
Thread locked Subscribe Aug 19th 2017
4 years ago

Sign Up for Free or Log In to start participating in the conversation!