 | 1 | initial version |
This will export the UDP payload in a way you can add to a script:
tshark -r <infile> -Y "udp.stream eq <stream#>" -w <outfile>
tshark has other options for following streams like -z, and it's worth checking out the man page for more details.
In response to @srainey, I doubt that this is related to UI as tshark and wireshark both take ~3s to find a 200 packet stream in a 200MB file in my testing.
@HiZ If you continue to see a discrepancy between follow generic UDP stream and follow RTP stream, please create a bug. What we would be looking for specifically would be a way to replicate what you're finding, ideally with pcaps and all relevant info).