Hi to all, my question is general but I'll use my particular case to explain it. I would like to save a particular portion of an "H223 over TCP" capture file. Imagine you develop a display filter like this: ip.src == 192.168.0.11 && h223.mux.vc ==1 (H.223 virtual circuit: 1) In this way I filtered the packets from one terminal to another (ip.src == 192.168.0.11) and with h223.mux.vc ==1 Now, in the Wireshark's top pane, I can select a single packet (all the displayed packets now are those with h223.mux.vc ==1). For this packet, in the Wireshark's middle pane, I can highlight the field "H.223 virtual circuit: 1" by clicking on it. In this way, in the Wireshark's bottom pane, the bytes of interest are automatically highlighted. I can right click on the highlighted bytes field in the bottom pane and do "Export Selected Packet Bytes...".
I need to do that over all the packets and append all the bytes extracted from all the "H.223 virtual circuit: 1" fields in a single file. Is this possible to do in some way? (The goal is to demultiplex and save the audio and video stream multiplexed in the h223 stream.) Is possible to do such operation or I have to modify the h223 dissector source code with an "fwrite" in the point where "H.223 virtual circuit: x" is added to the Wireshark middle pane? I already read the following discussion but seems that there isn't a general solution: http://thread.gmane.org/gmane.network.wireshark.user/928/focus=928 Thanks in advance, Fabio -- Email.it, the professional e-mail, gratis per te: http://www.email.it/f Sponsor: Refill s.r.l. - Cartucce compatibili e kit di ricarica per tutti i modelli di stampante. Acquista al telefono o online: consegna in tutta Italia in 48 ore! Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=5190&d=7-2 _______________________________________________ Wireshark-users mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-users
