What is the commands that allows the extraction of port destination and payload of packet asked 11 May '16, 12:50  Khadidja Kha... |
One Answer:
Have you tried to read the tshark documentation page? In short, the field names can be used both to compose the display filter ( You'll have to elaborate on what exactly you mean by "payload". answered 11 May '16, 13:07  sindy |
thanks a lot for your response, it is helpful for me payload of packet I mean it the data itself that needs to transfer (usually the user's data).
This is exactly the wording I didn't want to see :-)
The transport (protocol) in most cases doesn't transport just a plain byte stream; a typical payload of a transport protocol is some application protocol, or is at least structured in some way, and Wireshark can dissect these payload types in most (well, at least many) cases. So a single "filterable field" like
udp.payloaddoesn't exist as normally no one needs it. Therefore,for application protocols which can be dissected (like RTP), you have to use the corresponding filterable field names to access individual fields of these protocols,
the part of a packet which cannot be dissected is sometimes accessible as a filterable field named
data. This may be the case even for udp if neither the source or destination port, nor analysis of an associated control communication captured, nor any heuristic allows Wireshark (tshark) to determine which dissector to feed the payload to.What you could do, but would probably find it useless, would be to disable dissection of all protocols, and then enable just ethernet,ip,tcp and udp. That way, Wireshark would be prohibited from dissecting the payload, and anything following the tcp or udp headers would be available as
data(and, most likely, totally incomprehensible).I am grateful to you for your explanation :) thank you but how I can disable dissection of all protocols, and enable just ethernet,ip,tcp and udp. :)