This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Automating extraction of UDP payload from pcap file

0

Hey,

Was wondering if it's possible to point Wireshark, or a Wireshark utility, at an existing pcap UDP capture file and have it do the equivalent of: * Follow UDP Stream * Save As (Raw format) to a specified output file ...from the command line.

Is this doable?

Thanks!

-phil matthews

asked 09 Jan '15, 06:55

philbo_m's gravatar image

philbo_m
11112
accept rate: 0%

One Answer:

2

Please read the scripting part of my answer to a similar question.

https://ask.wireshark.org/questions/35353/exporting-payload-data-in-binary-file

As an alternative, you can run tshark with the options -V and -x, or -T dpml and then and extract whatever you need from that output.

tshark -nr input.pcap -V -x | your_script
tshark -nr input.pcap -T pdml | your_script

Regards
Kurt

answered 10 Jan '15, 04:55

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

Hey Kurt,

Using '-T pdml' + a little bit of post-processing on the data.data element - works like a charm.

Thanks!

-phil

(15 Jan '15, 06:49) philbo_m