Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

answered 2022-01-09 17:30:03 +0000

Chuckc gravatar image

image description

Create a profile with only ethernet, IPv4 and UDP protocols enabled Analyze -> Enabled Protocols... then run tshark with it:

The-Ultimate-PCAP$ tshark -r ultpcap2.pcapng -C UDP_and_below -T fields -e ip.src -e udp.dstport -e data -Y udp
0.0.0.0 67      01010600ecd8ce24000000000000000000000000000000000000000000216a2d3b8e000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000638253633501010c0c4d6963726f6b6e6f707069783712011c02030f06770c2c2f1a792a79f921fc2aff0000000000000
0000000000000000000000000000000
192.168.2.102   53      b89f010000010000000000000568656973650264650000010001
192.168.2.1     56606   b89f818000010001000000000568656973650264650000010001c00c000100010000002e0004c1639050
192.168.2.102   53      d7fa01000001000000000000023830033134340239390331393307696e2d61646472046172706100000c0001
192.168.2.1     41635   d7fa81800001000100000000023830033134340239390331393307696e2d61646472046172706100000c0001c00c0
00c00010000ba3100150a72656469726563746f7205686569736502646500
192.168.2.102   53      fb5a01000001000000000000023830033134340239390331393307696e2d61646472046172706100000c0001
192.168.2.1     39208   fb5a81800001000100000000023830033134340239390331393307696e2d61646472046172706100000c0001c00c0
00c00010000ba3000150a72656469726563746f7205686569736502646500

(XXX - The IP Option protocols came along even though the first step was to Disable All. Working as intended?)