tshark_read_pcap
Read and analyze a remote pcap file, extracting packets in JSON format with optional filter and field selection.
Instructions
Read and analyze a pcap file from the remote Kali machine. Returns packets in JSON format.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| file | Yes | Path to the pcap file on the remote host | |
| count | No | Maximum number of packets to return (max: 1000) | 100 |
| fields | No | Specific fields to extract (e.g., ['ip.src', 'ip.dst', 'tcp.port']) | |
| filter | No | Display filter to apply (Wireshark syntax, e.g., 'http', 'tcp.port == 443') | |
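The schema accepts a free-form path, filter string and field list that end up in a `tshark` command on the remote host, so each value should be validated and quoted before it reaches a shell. The sketch below is an added example, not the tool's own code: the mapping to `tshark -r/-c/-Y/-T json/-e`, the function names and the assumption that the command is sent to a remote shell (for example over SSH) are all illustrative.

```python
import re
import shlex

DEFAULT_COUNT = 100   # default from the schema above
MAX_COUNT = 1000      # maximum from the schema above
# Wireshark field names are dotted identifiers such as ip.src or tcp.port.
FIELD_RE = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.\-]*$")


def build_tshark_argv(file, count=None, fields=None, display_filter=None):
    """Map the tool inputs to a tshark argument vector (assumed mapping)."""
    # A path starting with '-' would be parsed by tshark as an option.
    if not file or file.startswith("-") or "\x00" in file:
        raise ValueError("file must be a path, not an option")
    n = DEFAULT_COUNT if count is None else int(count)
    if n < 1:
        raise ValueError("count must be positive")
    n = min(n, MAX_COUNT)  # clamp to the documented maximum

    argv = ["tshark", "-r", file, "-c", str(n), "-T", "json"]
    if display_filter:
        if "\x00" in display_filter or "\n" in display_filter:
            raise ValueError("filter contains control characters")
        # Passed as one argument; tshark itself rejects invalid filter syntax.
        argv += ["-Y", display_filter]
    for name in fields or []:
        if not FIELD_RE.match(name):
            raise ValueError(f"invalid field name: {name!r}")
        argv += ["-e", name]
    return argv


def remote_command(argv):
    """Quote every argument for the remote shell that will parse the line."""
    return shlex.join(argv)


if __name__ == "__main__":
    # Constructed sample input, including a filter with shell metacharacters.
    argv = build_tshark_argv("/tmp/cap.pcap", count=5000,
                             fields=["ip.src", "ip.dst"],
                             display_filter="http; id")
    print(remote_command(argv))
```

Because the remote side re-parses the command line, quoting with `shlex.join` is what keeps a filter such as `http; id` a single `-Y` argument instead of a second command.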