Use tshark to remove out-of-order and retransmitted packets:
tshark -2 -R "not tcp.analysis.retransmission && not tcp.analysis.out_of_order" -r 源文件.pcap -w 目标文件名.pcap
In these commands, 源文件.pcap is the source capture file and 目标文件名.pcap is the output file name.
Use tshark to get a TCP stream and save it in text format
tshark -r 源文件.pcap -qz follow,tcp,raw,tcp流的编号
The last field (tcp流的编号) is the TCP stream number. The stream number starts at 0.
Here raw prints the data of the stream as a hexadecimal string.
The stream can also be displayed in hex, which includes a data offset.
Use tshark to get a TCP stream and save it as a pcap file
tshark -2 -R "tcp.stream eq 0" -r 源文件.pcap -w 目标文件名.pcap
The filter given in -R "xxx" is the same filter expression you would write in Wireshark.
Use tshark to get a UDP stream
The method is the same as for a TCP stream, except that every "tcp" in the command is changed to "udp".
Use tshark to get the IDs of all TCP streams
tshark.exe -r .\1592690823_clear.pcap -Tfields -e tcp.stream
Sort the output numerically to get the largest tcp.stream ID.
Use tshark to get the IDs of all UDP streams
The method is the same as for obtaining the TCP stream IDs; just change tcp to udp.
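The steps above combined, as an added example that is not part of the original page: it reduces the -Tfields -e tcp.stream output to the distinct stream IDs, finds the largest one, and writes each stream to its own pcap with the -2 -R command shown earlier. The function names, the stream_N.pcap output naming and the sample field output are assumptions made for this example.

```shell
#!/bin/sh
# Added example; function names and output file naming are hypothetical.

# stream_ids: read `tshark -T fields -e tcp.stream` output on stdin and print
# each distinct stream ID once, in ascending numeric order. Packets without a
# TCP layer produce empty lines, which are dropped, along with any carriage
# returns that a Windows tshark.exe may emit.
stream_ids() {
    tr -d '\r' | grep -E '^[0-9]+$' | sort -n -u
}

# max_stream_id: print the largest stream ID seen on stdin (nothing if none).
# A plain lexical sort would rank "2" above "10", hence sort -n above.
max_stream_id() {
    stream_ids | tail -n 1
}

# split_streams CAPTURE OUTDIR: write every TCP stream in CAPTURE to
# OUTDIR/stream_<id>.pcap using the page's "tcp.stream eq N" filter.
split_streams() {
    capture=$1
    outdir=$2
    mkdir -p "$outdir" || return 1
    tshark -r "$capture" -T fields -e tcp.stream | stream_ids |
    while read -r id; do
        tshark -2 -R "tcp.stream eq $id" -r "$capture" \
            -w "$outdir/stream_$id.pcap" || return 1
    done
}

# Constructed sample of the field output: repeated IDs, one non-TCP packet
# (the empty line), and a two-digit ID to show why numeric sorting matters.
SAMPLE_FIELDS='0
0

1
10
2
10
'

# Split a capture only when called as: script.sh capture.pcap output_dir
if [ "$#" -eq 2 ]; then
    split_streams "$1" "$2"
fi
```

For UDP, replace tcp.stream with udp.stream in both tshark calls.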