Re^3: filter tcpdump packets

Tshark is another application that identical to Tcpdump

No, it's much more powerful - have a look again at the tshark manpage, especially the -T fields and -e options. You can use them to output Wireshark's tcp.options.mss_val field.

As for your output, it looks like the packets don't contain an MSS option, or, if you know the packets do have one, NetPacket::TCP isn't parsing them correctly, in that case file a bug with the module.

Comment on Re^3: filter tcpdump packets Select or Download Code

Replies are listed 'Best First'.
Re^4: filter tcpdump packets by syboar (Novice) on Sep 01, 2014 at 12:38 UTC
You can use them to output Wireshark's tcp.options.mss_val field. Agreed Tshark will be helpful and more easy to implement wireshark filters. My understanding was Tshark is used with Java. Identical to Tcpdump for Perl. Definitely give a try to use Tshark in Perl. There's a Tshark PM too. I've been parsing input pcap file that don't contain mss option. here is the output with mss option. Thank you ===output=== `$VAR1 = { 'sack' => 2, 'mss' => 1460, 'ws' => 8 };` [download] ===output===	[reply] [d/l]

Replies are listed 'Best First'.

Re^4: filter tcpdump packets
by syboar (Novice) on Sep 01, 2014 at 12:38 UTC

You can use them to output Wireshark's tcp.options.mss_val field.

Agreed Tshark will be helpful and more easy to implement wireshark filters. My understanding was Tshark is used with Java. Identical to Tcpdump for Perl. Definitely give a try to use Tshark in Perl. There's a Tshark PM too. I've been parsing input pcap file that don't contain mss option. here is the output with mss option.

Thank you

===output===

$VAR1 = {
          'sack' => 2,
          'mss' => 1460,
          'ws' => 8
        };
[download]

===output===

[reply]
[d/l]