Tuesday, May 11, 2010

Producing greppable output with tshark

Tshark is the command-line cousin of Wireshark, the open-source packet capture tool. The trick is to use the '-e' and '-Tfields' parameters to print only the desired fields, one packet per line. The field names can be found by opening the 'input.pcap' file in Wireshark and clicking the "+expression" button next to the filter text box.

Example:

tshark -e frame.time_relative -e frame.number -e frame.len -e ip.src -e ip.dst -e dccp.ccval -e dccp.type -e dccp.seq -e ip.len -Tfields -r input.pcap
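The command above prints one tab-separated line per packet, which is what makes the output greppable. As an added example (not from the original post), the following sh and awk functions consume that output; the column order is assumed to follow the -e list above, and the sample lines are constructed, not taken from a real capture.

```shell
#!/bin/sh
# Added example (not from the original post): post-process the tab-separated
# lines that the tshark command above prints, using only sh and awk.
# Column order follows the -e options in the post:
#   1 frame.time_relative  2 frame.number  3 frame.len  4 ip.src  5 ip.dst
#   6 dccp.ccval  7 dccp.type  8 dccp.seq  9 ip.len
# tshark leaves a column empty when the packet has no such field (the dccp.*
# columns on a non-DCCP packet), so every line still has nine columns.

# Read tshark -Tfields lines on stdin, print "bytes src dst" per IP pair,
# largest first. Packets without an IP layer (empty columns 4/5) are skipped.
bytes_per_ip_pair() {
  awk -F'\t' '$4 != "" && $5 != "" { b[$4 " " $5] += $3 }
              END { for (k in b) print b[k], k }' | sort -rn
}

# Count DCCP packets per dccp.type value; non-DCCP lines have an empty column 7.
dccp_type_counts() {
  awk -F'\t' '$7 != "" { n[$7]++ } END { for (t in n) print t, n[t] }' | sort -n
}

# Constructed sample in tshark's -Tfields layout (not real capture data).
# Tabs are produced by printf so the sample survives copy and paste.
sample_fields() {
  printf '0.000000000\t1\t74\t10.0.0.1\t10.0.0.2\t0\t0\t5\t60\n'
  printf '0.010200000\t2\t74\t10.0.0.2\t10.0.0.1\t0\t1\t9\t60\n'
  printf '0.020500000\t3\t1514\t10.0.0.1\t10.0.0.2\t3\t2\t6\t1500\n'
  printf '0.030900000\t4\t98\t10.0.0.3\t10.0.0.1\t\t\t\t84\n'
  printf '0.041100000\t5\t60\t\t\t\t\t\t\n'
}

# Real usage: tshark <-e options> -Tfields -r input.pcap | bytes_per_ip_pair
sample_fields | bytes_per_ip_pair
sample_fields | dccp_type_counts
```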



Monday, May 3, 2010

Splitting 4 GB or bigger files for Fat32

FAT32 cannot handle files bigger than 4 gigabytes. Surprisingly, FAT32 still prevails on almost every USB stick. The 'split' command on Linux is very handy for transferring files bigger than 4 GB using USB sticks.

Copy and paste the following to split the file on Linux:

split --verbose --numeric-suffixes --bytes=3990000000 'large_input_file.mkv' 'output_'

The pieces (output_00, output_01, ...) can be joined again with 'cat' on Linux or 'copy /B' on Windows.