This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

the data field in the packet detail pane


When I export the packet out to a text file, there is hexadecimal data in the file if there is a data field in the packet detail pane. But if this field is not there, I cannot get the data when I export the packet out to the text file, even though it contains many bytes of data. The data field is such as the following: [image]

asked 07 May '12, 19:10

yizhibi


2 Answers:


When you select Export->File from the File menu, take a look at the "Export File" dialog box. On the bottom right of the dialog box, you'll see "Packet Format" options. Here's where you can change the format of the exported data.

If "Packet details" is set to "As displayed", your text file will look like the Packet Details window; whatever is expanded in that window will be expanded in the text file.

You can set "Packet details" to "All expanded" to automatically expand every field.

You can also enable "Packet bytes" to show the full dump of each packet.

answered 08 May '12, 07:24

wesmorgan1

Thanks for your answer. I also want to know why some packets have data, but in the packet detail pane there is no data field. Such as:

Frame 531: 238 bytes on wire (1904 bits), 238 bytes captured (1904 bits)
...
Transmission Control Protocol, Src Port: domain (53), Dst Port: mysql-cluster (1186), Seq: 1, Ack: 1, Len: 184

But some packets have the data field:

Frame 786: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
...
Transmission Control Protocol, Src Port: sms-rcinfo (2701), Dst Port: 51342 (51342), Seq: 1, Ack: 1, Len: 12
Data (12 bytes)

(09 May '12, 00:43) yizhibi

I'm not sure if I understand your request. HOWEVER, there is only a 'Data' field in the packet details,

1.) if there IS data in the packet

2.) if no dissector exists (or the dissector has been disabled) for that protocol.

If there is a dissector, there will be no 'Data' field. Instead you will see the information that was added by the dissector ("Hypertext Transfer Protocol", "Secure Sockets Layer", etc.). Maybe that helps.

Regards
Kurt

(09 May '12, 02:43) Kurt Knochner ♦

Thanks for the response! I mean that if there is the data field in the packet details pane, we can get the hex data when we export the packet to a text file (if it has data). But if the data field is not there, we cannot get the hex data when we export the packet to a text file (although it has data). Why? Hoping for your response!

(09 May '12, 05:39) yizhibi

Can you please post a sample capture to http://www.cloudshark.org and post the exported data here, so we can see what you get and what you expect to get?

(09 May '12, 05:54) Kurt Knochner ♦

I uploaded a packet which has a data field (in the packet detail pane below the "User Datagram Protocol"). You can export it out to a text file; in the file you can see the hex data carried by the packet: http://www.cloudshark.org/captures/4456851016ad

But in http://www.cloudshark.org/captures/6b8585a75d34 I also uploaded a packet which does not have the data field below the "User Datagram Protocol" (though the total length is 1179). If you export it out to a text file, you cannot see the hex data in the file. I hope you can get it! Thanks a lot!

(09 May '12, 20:47) yizhibi


In the 2nd pcap you've uploaded ("no data field.pcap"), the UDP data is being parsed by the Packet Cable dissector, which parses 3 bytes and consumes the rest of the data (thus hiding the Data field you seek). You can prevent the Packet Cable dissector from eating up your data by disabling the dissector in one of the following ways:

  • From the Packet Details pane, right-click the header that shows PacketCable, and select Disable Protocol... from the context menu. Click OK in the subsequent confirmation box.

OR

  • Open menu Analyze > Enabled Protocols (or press SHIFT+CTRL+E), find "PACKETCABLE" in the protocol list, uncheck the Status box next to it, and click OK.

answered 09 May '12, 23:45

helloworld

Thank you very much! I solved this problem, which had been puzzling me for a long time.

Regards, yizhibi

(10 May '12, 00:14) yizhibi
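An added example, not part of the original thread and not Wireshark code: the payload bytes are stored in the capture file whether or not a dissector claims them, so they can be read straight from the pcap without any "Data" field. This Python example assumes a classic pcap file containing unfragmented Ethernet/IPv4/UDP frames; the function names, ports, addresses and sample frame are constructed for illustration.

```python
import struct

def udp_payloads(pcap: bytes):
    """Yield (frame_no, src_port, dst_port, payload) for Ethernet/IPv4/UDP frames."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                       # little-endian capture file
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                       # big-endian capture file
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet link type handled")
    off, frame_no = 24, 0
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        frame_no += 1
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                    # not IPv4 (VLAN and IPv6 are skipped)
        ihl = (frame[14] & 0x0F) * 4    # IPv4 header length in bytes
        fragment = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
        if frame[23] != 17 or fragment or len(frame) < 14 + ihl + 8:
            continue                    # not UDP, a later fragment, or truncated
        udp = 14 + ihl
        sport, dport, ulen = struct.unpack("!HHH", frame[udp:udp + 6])
        yield frame_no, sport, dport, frame[udp + 8:udp + ulen]

def hexdump(data: bytes, width: int = 16) -> str:
    """Offset-prefixed hex lines, similar to a packet bytes dump."""
    return "\n".join(f"{i:04x}  {data[i:i + width].hex(' ')}"
                     for i in range(0, len(data), width))

def sample_pcap() -> bytes:
    """Constructed one-frame capture: UDP 40000 -> 50000 carrying 12 bytes."""
    payload = bytes(range(12))
    udp = struct.pack("!HHHH", 40000, 50000, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    frame = bytes(6) + bytes(6) + b"\x08\x00" + ip + udp
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

if __name__ == "__main__":
    for no, sport, dport, data in udp_payloads(sample_pcap()):
        print(f"Frame {no}: UDP {sport} -> {dport}, {len(data)} bytes")
        print(hexdump(data))
```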