wdump: generic dump tool
wdump is a simple tool that saves packets into a PCAP file.
This tool MUST be used at the end of a processing chain to log packets into
a PCAP file.
Usage
... | wdump [OPTIONS] PCAP
Command-line options
wdump supports the following options:
--force(-f): force PCAP file overwrite, if destination file already exists--append(-a): append packets to an existing file, create new file if it does not exist
It also supports the following debugging options:
--log: if set, specifies the level of logging (must be one of the following, from the less verbose to the more verbose level): error, warn, info, debug--log-file FILE: if set, logging will output messages to the specified fileFILEinstead of using standard output
Saving filtered packets into a PCAP file
As a very simple example, the following command uses wplay (see wplay: generic replay tool) and
wfilter (see wfilter: generic packet filtering and processing tool) to process a PCAP file, filter packets to only keep BLE
advertisements and save them into a new PCAP file:
$ wplay --flush ressources/pcaps/ble_discovery.pcap ble | wfilter "BTLE_ADV_IND in p" | wdump ble_advertisements.pcap