Re^2: filter tcpdump packets

Replies are listed 'Best First'.
Re^3: filter tcpdump packets by Anonymous Monk on Sep 01, 2014 at 11:43 UTC
Tshark is another application that identical to Tcpdump No, it's much more powerful - have a look again at the tshark manpage, especially the `-T fields` and `-e` options. You can use them to output Wireshark's `tcp.options.mss_val` field. As for your output, it looks like the packets don't contain an MSS option, or, if you know the packets do have one, NetPacket::TCP isn't parsing them correctly, in that case file a bug with the module.	[reply] [d/l] [select]
Re^4: filter tcpdump packets by syboar (Novice) on Sep 01, 2014 at 12:38 UTC
You can use them to output Wireshark's tcp.options.mss_val field. Agreed Tshark will be helpful and more easy to implement wireshark filters. My understanding was Tshark is used with Java. Identical to Tcpdump for Perl. Definitely give a try to use Tshark in Perl. There's a Tshark PM too. I've been parsing input pcap file that don't contain mss option. here is the output with mss option. Thank you ===output=== `$VAR1 = { 'sack' => 2, 'mss' => 1460, 'ws' => 8 };` [download] ===output===	[reply] [d/l]