What is the commands that allows the extraction of port destination and payload of packet |
Have you tried to read the tshark documentation page? In short, the field names can be used both to compose the display filter ( You'll have to elaborate on what exactly you mean by "payload". thanks a lot for your response, it is helpful for me payload of packet I mean it the data itself that needs to transfer (usually the user's data).
(11 May '16, 13:32)
Khadidja Kha...
1
This is exactly the wording I didn't want to see :-) The transport (protocol) in most cases doesn't transport just a plain byte stream; a typical payload of a transport protocol is some application protocol, or is at least structured in some way, and Wireshark can dissect these payload types in most (well, at least many) cases. So a single "filterable field" like
What you could do, but would probably find it useless, would be to disable dissection of all protocols, and then enable just ethernet,ip,tcp and udp. That way, Wireshark would be prohibited from dissecting the payload, and anything following the tcp or udp headers would be available as
(11 May '16, 13:54)
sindy
I am grateful to you for your explanation :) thank you but how I can disable dissection of all protocols, and enable just ethernet,ip,tcp and udp. :)
(11 May '16, 14:19)
Khadidja Kha...
|