Ask Your Question
0

export to csv for more than 24 bytes data

asked 2019-12-12 07:12:57 +0000

goma_fusa gravatar image

Dear Sirs,

I exported the 32 bytes received data (UDP) into csv format. Only 24 bytes data frame is correctly exported to csv format but rest of 8 bytes are trashed. And I noticed that data shown in packet list window is also 24 bytes and following 8 bytes are collapsed and displayed as "...". Does anyone know how to export more than 24 bytes data into csv format ?

Best regards, Goma Fusa

edit retag flag offensive close merge delete

Comments

What is the field name being exported that contains the UDP data?

Chuckc gravatar imageChuckc ( 2019-12-12 13:24:04 +0000 )edit

Hello

Field name is data.data of Custom. Thank you in advance

Best regards

goma_fusa gravatar imagegoma_fusa ( 2019-12-12 13:45:42 +0000 )edit

Still looking at GUI. Here's an example with tshark:

$ tshark --disable-protocol dns -r ./dns-ptr.pcapng -T fields -e data.data | head -2
2fc901000001000000000000033231390236370232320331393507696e2d61646472046172706100000c0001
48c8010000010000000000000332303703313530013602323407696e2d61646472046172706100000c0001
Chuckc gravatar imageChuckc ( 2019-12-12 15:08:44 +0000 )edit

What version of Wireshark?

grahamb gravatar imagegrahamb ( 2019-12-12 15:12:51 +0000 )edit

my version is 3.0.7

goma_fusa gravatar imagegoma_fusa ( 2019-12-12 20:40:00 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-12-12 15:34:36 +0000

Chuckc gravatar image

It's hard coded to a max of 48 characters.

/* Max string length for displaying byte string.  */
#define MAX_BYTE_STR_LEN        48


That's 16 bytes if a space is between each hex byte or 24 bytes with no spacer as in data.data.
tshark might be the best method.

edit flag offensive delete link more

Comments

$ tshark --disable-protocol dns -r ./dns-ptr.pcapng -T fields -Eheader=y -Eseparator="," -Equote=d -e frame.number -e data.data
frame.number,data.data
"1","2fc901000001000000000000033231390236370232320331393507696e2d61646472046172706100000c0001"
"2","48c8010000010000000000000332303703313530013602323407696e2d61646472046172706100000c0001"

Info on all tsharkoptions here: https://www.wireshark.org/docs/man-pa...

Chuckc gravatar imageChuckc ( 2019-12-12 15:56:51 +0000 )edit

Now I solved the issue by tshark based on your answers. Many thanks for your support !!

goma_fusa gravatar imagegoma_fusa ( 2019-12-12 20:38:22 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2019-12-12 07:12:57 +0000

Seen: 67 times

Last updated: Dec 12 '19