Friday, August 14, 2015

Extract layer 7 data from packet capture

If you want to extract the TCP payload of a set of packets (a TCP stream, for example), the command below comes in handy.

tshark -r test.pcap -2 -R"tcp.port==444" -T fields -e data  | tr -d '\n' | xxd -r -p > layer7_data

tr -d '\n' joins the per-packet hex lines into one string, and xxd -r -p converts that ASCII hex to binary.
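
The decoding stage of the pipeline above (the part done by tr and xxd), written out as an added Python example that is not part of the original post, so the per-packet payload sizes can be inspected and malformed hex is reported by line. The function name, the constructed sample lines and the colon stripping are assumptions made for illustration.

```python
import hashlib
import sys


def decode_tshark_hex(lines):
    """Decode `tshark -T fields -e data` output: one hex string per packet.

    Returns (payload, sizes): the concatenated bytes and the byte count
    contributed by each input line, in capture order.
    """
    chunks, sizes = [], []
    for lineno, line in enumerate(lines, start=1):
        # Packets without a payload (e.g. bare ACKs) produce empty lines.
        # Colons are stripped as a defensive assumption about separators.
        hexstr = line.strip().replace(":", "")
        if not hexstr:
            sizes.append(0)
            continue
        try:
            chunk = bytes.fromhex(hexstr)
        except ValueError as exc:
            raise ValueError(
                f"line {lineno}: not valid hex: {hexstr[:20]!r}") from exc
        chunks.append(chunk)
        sizes.append(len(chunk))
    return b"".join(chunks), sizes


# Constructed sample: three packets, the middle one carrying no payload.
SAMPLE = ["48454c4c4f20\n", "\n", "776f726c640a\n"]

if __name__ == "__main__":
    # Real use: tshark ... -T fields -e data | python3 this_script.py > layer7_data
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE
    payload, sizes = decode_tshark_hex(source)
    sys.stdout.buffer.write(payload)
    # Summary goes to stderr so it does not end up in the extracted file.
    print(f"{len(sizes)} packets, {len(payload)} bytes, "
          f"sha256={hashlib.sha256(payload).hexdigest()}", file=sys.stderr)
```

Both this script and the tr/xxd pipeline concatenate payloads in capture order, so retransmitted or out-of-order segments end up in the output exactly as they were captured.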

