How to export the Reassembled IPv4 data and not the Frame data
Hey,
I dont really know all the correct terms so they question might be a bit vague. I have data that I want to export into a hex string text file, I have been able to do this only the data that is actually exported is not the full data. At the bottom left I can switch between Frame and Reassembled IPv4 and i think I need data that I can see in the Reassembled IPv4 view. So how do can I export this data into a text file instead of the Frame data that is now exported?
Thanks
edit:
When I look at wireshark I think the desired data is called Reassembled IPv4 data that is in a certain subtree: https://imgur.com/OltUKCt
Any idea how I can export this data? I could also use tshark for this
If you right click the packet, are there any "streams" available under
Followon the pop up menu?Plenty of options there for viewing/copying/saving data - if it works for your protocol.
I do get the desired data then, however there is no split between different frames which I do need, and i also cant export it as a text file.
Do you know how I can still get a separation between the frames and in the same text format as: https://gofile.io/d/prmMwj
Wireshark Sample Captures :
ipv4frags.pcap(libpcap) ICMP Echo request (1400B) response with Fragments (MTU=1000 on one side).Are you looking to automate this with
tshark- if so some post processing of data will be needed.Or if the format of the data is more important, you can copy from the GUI:
Find the packet with reassembled data (display filter of
ip.reassembled.datamay help).Click the bottom tab for
Reassembled IPv4, then right click in the bytes and select...as Hex DumpIf system has
xxd, it's pretty quick to format hex:And
sedto trim the ASCII off if not needed:That is the solution I was looking for! Thanks for the help!