I open a .pcap file with Wireshark, and what I need is to somehow export all the data of a specific protocol. I see the data when I expand the tree inside the program, but when using File -> Export Packet Dissections in CSV format I cannot see the actual data, only the data of the columns (No., Time, Source, ...). Is there a way to export the actual data of the specific protocol in a readable format, for example CSV?
asked 28 Feb '17, 23:41 chriskaza81
One Answer:
There are some options to export payload data. For example you can export objects (e.g. SMB files, TFTP files, HTTP objects...) or you can save the payload of a TCP or UDP stream (Follow TCP Stream -> Save as ASCII, C Array...). It depends on your requirement and your protocol.
answered 01 Mar '17, 03:45 Uli
And don't forget about tshark -T fields
The protocol is sr15; it is a radar which sends some coordinates and I need somehow to read them from the packet contents. Unfortunately I tried what you suggested above, but with no luck. There must be some way to do it. I also tried with tshark commands but still cannot achieve any results.
Presumably you either have your own dissector or somebody's plugin; Wireshark doesn't include a dissector for it. If the dissector gives those coordinates names, i.e. treats them as named fields, tshark -T fields should work - use -e flags, and specify the names of the fields as arguments to the -e flags. If it doesn't give those coordinates names, it should be improved so that it does so.
Actually, I managed to extract the payload running the above command: tshark -r c:\myFile.pcap -x -R frame.number==1>outpout.txt For now this is the only way I have found.
Also, I am looking into the PcapDotNet library; I see the PayloadLayer class but cannot see any data in ASCII format.
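The hex dump that tshark -x writes, as used in the last comments, can be turned back into bytes and written out as CSV; the script below is an added example and not part of the original thread. The sample dump is constructed, and the 42-byte header length (Ethernet + IPv4 without options + UDP) is an assumption about the capture, not something the thread states.

```python
import csv, io, re

# One dump row: 4-hex-digit offset, two spaces, then up to 16 byte pairs.
ROW = re.compile(r"^([0-9a-fA-F]{4})  ((?:[0-9a-fA-F]{2} {1,2}){1,16})")

def parse_hexdump(text):
    """Rebuild one bytes object per packet from `tshark -x` output."""
    packets = []
    for line in text.splitlines():
        m = ROW.match(line + " ")        # pad: a row may lack the ASCII column
        if not m:
            continue                     # summary lines and blank separators
        offset = int(m.group(1), 16)
        if offset == 0:
            packets.append(bytearray())  # offset 0000 starts a new dump
        if not packets or offset != len(packets[-1]):
            raise ValueError(f"gap or overlap at offset {offset:#06x}")
        packets[-1] += bytes.fromhex(m.group(2))
    return [bytes(p) for p in packets]

def to_csv(packets, header_len=0):
    """CSV with one row per packet; the first header_len bytes are dropped."""
    out = io.StringIO()
    w = csv.writer(out, lineterminator="\n")
    w.writerow(["packet", "payload_len", "payload_hex"])
    for n, raw in enumerate(packets, 1):
        payload = raw[header_len:]
        w.writerow([n, len(payload), payload.hex()])
    return out.getvalue()

# Constructed sample: two frames with 4 and 2 payload bytes after the
# assumed 42 bytes of Ethernet/IPv4/UDP headers.
SAMPLE = '''\
    1   0.000000    192.0.2.1 -> 192.0.2.2    UDP 46 5000 -> 5000 Len=4

0000  00 11 22 33 44 55 66 77 88 99 aa bb 08 00 45 00   .."3DUfw......E.
0010  00 20 00 01 00 00 40 11 00 00 c0 00 02 01 c0 00   . ....@.........
0020  02 02 13 88 13 88 00 0c 00 00 de ad be ef         ..............

    2   0.100000    192.0.2.1 -> 192.0.2.2    UDP 44 5000 -> 5000 Len=2

0000  00 11 22 33 44 55 66 77 88 99 aa bb 08 00 45 00   .."3DUfw......E.
0010  00 1e 00 02 00 00 40 11 00 00 c0 00 02 01 c0 00   ......@.........
0020  02 02 13 88 13 88 00 0a 00 00 01 02               ............
'''

if __name__ == "__main__":
    print(to_csv(parse_hexdump(SAMPLE), header_len=42), end="")
```

When the protocol has no dissector, the payload bytes recovered this way still have to be decoded according to the device's own message layout.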