I want filter first 100 packets inside a pcap file and show the result on stdout. for filtering first 100 packet I used below command:
editcap -r test.pcap output.pcap 1-100
for showing result and filtering packet for the further purpose I want to used tcpdump.
tcpdump -tttt tcp and host ip 192.168.1.1 -r inputfile.pcap
i want to redirect output of editcap to tcpdump, like this:
editcap -r test.pcap - | tcpdump -tttt tcp and host ip 192.168.1.1 -r -
but in this command I couldnt filter first 100 packets. Is it possible to do so?? If not is it possible to rediredt output of editcap to RAM and then the tcpdump read from RAM ??
thanks in advanced.
P.S by the way, I don't want to use the below command, because this command read the all Packet inside the file. I need the command read some packets inside he pcap file and shows then was finished the job.
tshark -r ~/test1.pcap -R "frame.number<20 and frame.number>10"
