r/wireshark


Need assistance bulk filtering a folder full of captures.

Howdy Friends.

I'm sure this question has been answered in a manpage or even in a forum post in some manner in the past, but I'm pretty dense and usually require direct instruction. Also I'm lazy.

I'm wondering if I use tshark or editcap for this and need some help putting together a script or .bat file that can do the following - let's say I have 100 captures that were unfiltered.

I need to generate 3 files from each - one containing tcp, one containing udp and icmp, and one containing all traffic that's not either of those. I know how to open each file individually, apply display filters and export the files I need. But that's going to take hours. I'm hoping there's a way to automate this - does anybody have any insight? I've already used editcap to manipulate the snaplen of all the captured packets - that's pretty easy. I just need to speed up the production of the filtered files.

Thanks in advance for any advice.

u/TheGravyMachine — 2 days ago
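One way to script the batch split described in the post, as an added example that is not from the post or from the Wireshark project. It assumes `tshark` is on PATH, reads every `.pcap`/`.pcapng` in an input directory, and writes three filtered files per capture using `-r`, `-Y` (display filter) and `-w`; the directory and bucket names are the example's own choices. On Windows it runs under Git Bash or WSL.

```shell
#!/bin/sh
# Split each capture into three files: tcp, udp+icmp, everything else.
# Hypothetical helper names; only tshark and POSIX sh are required.

# Display filter for a bucket name. The tcp bucket excludes icmp because
# Wireshark dissects the IP/TCP header quoted inside ICMP error messages,
# so a plain "tcp" filter would also match those and land them in two files.
# Note: "icmp" does not match ICMPv6; add "|| icmpv6" if IPv6 traffic matters.
filter_for() {
  case "$1" in
    tcp)      printf '%s\n' 'tcp && !icmp' ;;
    udp_icmp) printf '%s\n' 'udp || icmp' ;;
    other)    printf '%s\n' '!(tcp || udp || icmp)' ;;
    *)        return 1 ;;
  esac
}

# Output path for (input capture, output dir, bucket): <stem>_<bucket>.pcapng
out_name() {
  base=$(basename "$1")
  printf '%s/%s_%s.pcapng\n' "$2" "${base%.*}" "$3"
}

# Write the three filtered files for one capture. tshark writes pcapng by
# default; add "-F pcap" before -w if the consumer needs classic pcap.
split_capture() {
  for bucket in tcp udp_icmp other; do
    tshark -r "$1" -Y "$(filter_for "$bucket")" \
      -w "$(out_name "$1" "$2" "$bucket")" || return 1
  done
}

# Process every capture in directory $1, writing results into directory $2.
split_dir() {
  mkdir -p "$2"
  for f in "$1"/*.pcap "$1"/*.pcapng; do
    [ -e "$f" ] || continue          # skip the literal glob when no match
    split_capture "$f" "$2" || echo "failed: $f" >&2
  done
}

# Usage: ./split_captures.sh <capture_dir> <output_dir>
if [ "$#" -ge 2 ]; then
  split_dir "$1" "$2"
fi
```

Check one result with `capinfos` or `tshark -r out/cap1_other.pcapng -z io,phs` to confirm the third bucket holds only non-TCP/UDP/ICMP traffic such as ARP.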