You could try saving it as a pcap-file and stripping out the headers. Or
exporting only the packet bytes as plain-text and using sed, awk or any
other tool to extract the right data.
On Mon, 13 Nov 2006 17:52:21 -0800, Pete Fraser [EMAIL PROTECTED]
said:
I'm new to Wireshark, so sorry if this
, 2006 7:59 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Exporting raw packet data?
On Mon, Nov 13, 2006 at 09:02:41PM -1100, Hans Nilsson wrote:
You could try saving it as a pcap-file and stripping out the
headers. Or
exporting only the packet bytes as plain
At 04:59 AM 11/14/2006, Sake Block wrote:
Based on your challenge, I wrote a little perl-script that I think
would do the trick.
The perl-script will take all udp-packets from a saved trace-file
and will extract the udp-payload to a file. If you use (wire|t)shark
to select only the UDP-stream
At 06:24 PM 11/13/2006, Guy Harris wrote:
On Nov 13, 2006, at 5:52 PM, Pete Fraser wrote:
I want to export packet data in raw format, so that I end up with a
binary file.
Raw in what sense?
In the sense that it's used in the Analyze-Follow TCP Stream dialogue.
That is, binary data; not an
Replies in-line below...
I didn't even realize you could do this until I read your question,
but
here is one way (not sure if this is exactly what you want):
Open a capture
Narrow down the interesting packets
(For example, I do a lot of web traffic analysis so I might use a
filter
such as
On Mon, Nov 13, 2006 at 11:03:19PM -0500, Small, James wrote:
I agree that it would be nice to have something like this for UDP but
that means someone would have to write the dissector/re-assembler.
Probably not an easy task.
Feel free to add this to the wish list at
