How can I display packet value as ascii?
Hello Wireshark pros, I am using Wireshark with a Nordic DK board and their tools for sniffing ble packets. I have filtered on load packets from master and slave and I am only interested in the value sent in these packets. I have columnized the value, which in the packet details, is displayed in both hex and ascii. I need the column to display in ascii. This seems a natural and normal thing to need, but short of learning LUA, I can find no canned process for changing the display format of column data fields. Is anyone aware of how to do so or where to find a pre written script for doing such? Thank you kindly Robin @TL
Which exact field are you referring to? Can you post a small capture file somewhere (Dropbox, Drive, etc.)?
Thank you for the help. I will post it later tonight. Robin @TL
Hello Christopher, I have a packet saved on Drive to discuss with you, but I need your email to share it.
Hello again Christopher, A bit more info about the field... It is the "value" field on the load packet. I can columnized and display it, but is displayed as a concatenated sting of hex values in the column. How can I display the value as ascii? Thanks again Robin @ TL
I think it would be better if you just provide a link to a very simple packet capture file that anyone could access. It may not be me who ends up looking it and providing help.
I am not thrilled about opening link related to me to the world. Can you suggest a site that would insulate me a bit more than drive? thanks.
Well, here goes... Important enough to me to share to the world, I guess. Here is the link to the file: https://drive.google.com/drive/folder... The column I need displayed as ascii chars is titled "Value". Any help is greatly appreciated. Thanks all, Robin @ TL
I'm not able to download the file. Literally all you need to do is share a single packet with the field you're interested in. You can even anonymize that packet if you need to using tools like Tracewrangler, WireEdit, etc if you have concerns. You can use editcap to cut off any irrelevant bytes past the field you're concerned about.
Hello again, Not sure why you can't download the file it is open to anyone. I have no concerns over content on the packet capture, only about opening any part of my drive to the world.
Please try again, as I may not have had the link publicly shared at the time you attempted download. Thanks again, Robin @ TL
I don't know why I can't download it either. Maybe try exporting a single packet containing the field of interest to a text file and then post the bytes? One can use
text2pcapto convert it back to a pcap file. To export it, open the file in Wireshark, select the packet of interest, and then choose File -> Export Packet Dissections -> As Plain Text... -> Packet Range: Selected; Packet Format: Packet Bytes (only - you will need to deselect Packet summary line and Packet details); File name: robintl.txt. After that, just paste the contents of the text file. It should resemble that of the example provided in thetext2pcapman page.Hello again, I may not be able to get to this before I leave for vacation. But I will eventually get there, good Lord providing. Back at you when I do. Thanks still for saying involved in my concern.