Home/ Questions/Q 8246321
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-07T22:28:06+00:00

It’s possible to read packet one by one from a file? I want to

  • 0

It’s possible to read packet one by one from a file?
I want to split my cap file in such a condition depend on the contents of packets, such as when I capture a long term packets stream, and I just need some packets to abstract, for example, I just want to abstract a tr069 session, from do a rpc calling to the end of response, then redirect these packets to a file, of course, they can mix many other packets, that’s no problem, I just need these packets during the seesion, then I keep the resulted file as my record, so how can do it?
tcpdump or tshark or any other unix utils?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Maybe filters of tcpdump solves your problem.
    You can read your cap file by using tcpdump and output filtered result directly to file.
    Example:

    tcpdump -r big.pcap -w small.pcap "src port 2438"

    See man page of pcap-filter(7) for more about filters.

    • 0