|
i open with wireshark a .pcap file , so what i need is to somehow export all the data of the specific protocol , i see the data when i expand the tree inside the program but when using the File-> export packet Dissections on csv format i can not see the actual data but only the data of the columns (No ,Time,Source,.....0 ) is there a way to export the actual data of the spesific protocol in a readable format , for example csv ???? |
|
There are some options to export payload data. For example you can export objects (e.g. SMB files, TFTP files, HTTP objects...) or you can save the payload of a TCP or UDP stream (Follow TCP Stream -> Save as ASCII, C Array...). It depends on your requirement and your protocol. And don't forget about tshark -T fields
(01 Mar '17, 05:39)
Jaap ♦
the protocol is sr15 it is a radar which sends some coordinates and i need somehow to read them from the packet contents . Unfortunately i tried the above you suggested but with no luck. There must me some way to do it i also tried with tshark commands but still can not achieve any results
(01 Mar '17, 09:47)
chriskaza81
Presumably you either have your own dissector or somebody's plugin; Wireshark doesn't include a dissector for it.
If the dissector gives those coordinates names, i.e. treats them as named fields,
(01 Mar '17, 10:24)
Guy Harris ♦♦
Acctually managed to extract the payload running the above command: tshark -r c:\myFile.pcap -x -R frame.number==1>outpout.txt For now this is the only way i found out .. Also i am looking into the PcapDotNet library , i see the PayloadLayer class but can not see any data in ascii format
(04 Mar '17, 10:10)
chriskaza81
|
