Hi, I have a pcap USB file which I am using to decode a custom protocol. My protocol analyzer expects a stream of hex bytes which I need to export from Wireshark. Is there any way to do this? I need to export only bulk out packets which are issued from the host to the device. Right now I select each packet and copy this field. I then open a text file and paste the data. The data format looks like this: "byte1:byte2:byte3:byte4:.....". I need a continuous stream of all the bytes in the capture data section. Does anyone know how to do this?

asked 15 Jul '16, 03:15 losang edited 15 Jul '16, 03:16
One Answer:
Let me try that out.
I have no idea how complex your protocol is and in which language you have written your analyzer, but have you checked the possibility of writing a dissector in Lua, allowing you to code only the dissection logic and get access to the whole power of Wireshark, such as display filters, export possibilities etc.? Doing the same in C is of course even better, but the advantage of Lua is that you do not need to compile Wireshark.
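An added example, not part of the original thread: a small Python filter that turns per-packet field text in the "byte1:byte2:..." form from the question into one continuous hex stream. It assumes the text holds one packet per line, for instance from `tshark -r capture.pcap -Y "<display filter for bulk OUT>" -T fields -e usb.capdata`; the file name, the filter placeholder and the function name `capdata_to_bytes` are assumptions.

```python
import re
import sys

# Constructed sample: one line per bulk OUT packet, in the colon-separated
# form described in the question. The second line shows the undelimited form,
# and the empty line stands for a packet with no capture data.
SAMPLE_EXPORT = """\
1b:40:1d:61:01
aabbccdd

0A:0D
"""

_HEX = re.compile(r"[0-9A-Fa-f]+")


def capdata_to_bytes(export_text):
    """Join per-packet hex lines into one continuous byte string.

    Accepts colon-separated ("1b:40") and undelimited ("1b40") hex, skips
    empty lines, and raises ValueError on anything that is not whole bytes.
    """
    stream = bytearray()
    for lineno, line in enumerate(export_text.splitlines(), start=1):
        text = line.strip()
        if not text:
            continue  # packet without payload
        delimited = ":" in text
        for token in text.split(":"):
            # With colons every token must be exactly one byte (two digits);
            # without them the whole line must have an even number of digits.
            bad_len = len(token) != 2 if delimited else len(token) % 2 != 0
            if bad_len or not _HEX.fullmatch(token):
                raise ValueError(f"line {lineno}: not whole hex bytes: {line!r}")
            stream += bytes.fromhex(token)
    return bytes(stream)


if __name__ == "__main__":
    # Read the field export from a pipe, or fall back to the constructed sample.
    text = SAMPLE_EXPORT if sys.stdin.isatty() else sys.stdin.read()
    print(capdata_to_bytes(text).hex())
```

Failing on a malformed line, rather than skipping it, keeps a truncated copy-paste from silently shifting every later byte in the stream fed to the analyzer.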