
How to get printable text of multiple packets at once?

asked 2018-04-10 08:56:25 +0000


Hi,

We are getting all the SQL queries from the packets being captured by Wireshark. There are times when the packets are in the hundreds and it is very laborious to get the printable text of the packets one by one manually. There is also a risk of missing some packets if we click the wrong line number.

Is there a way to get them by batch or by selecting several packets?

Thanks, GJ


2 Answers

1

answered 2018-04-10 09:54:54 +0000

grahamb

What is the field that you are printing out? Select the field in the packet details tree and look at the status bar, the field name is in parentheses.

With the field name you can use tshark (the command line version of Wireshark) to print out only that field using the -T fields -e your fieldname options.

0

answered 2018-04-10 10:00:53 +0000

Jaap

If you are looking for text output you should look into using tshark, combined with the proper display filter and output format (e.g. json, tabs or text) and post process from there.
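
An added example (not part of either answer and not Wireshark project code) of the tshark approach both answers describe: it prints the frame number and the query field for every matching packet and post-processes the output so that no packet is skipped. The field name mysql.query, the helper names and the sample output are assumptions; substitute the field name shown in your status bar.

```python
import subprocess
import sys

# Assumption: the captured traffic is MySQL, whose statement field is "mysql.query".
# Use whatever field name the Wireshark status bar shows for your protocol.
FIELD = "mysql.query"

def tshark_command(capture, field=FIELD):
    """tshark invocation printing frame number and the field for each packet that has it."""
    return ["tshark", "-r", capture,
            "-Y", field,                # display filter: only packets carrying the field
            "-T", "fields",             # one line per packet, tab-separated columns
            "-e", "frame.number", "-e", field]

def parse_fields(output):
    """Turn '-T fields' output into [(frame_number, text), ...].

    Only the first tab is treated as the column separator, so tabs inside a
    query survive. A line that does not start with '<digits><tab>' is taken to
    be the continuation of a multi-line query (assumption) and is re-joined.
    """
    records = []
    for line in output.splitlines():
        number, sep, text = line.partition("\t")
        if sep and number.isdigit():
            records.append((int(number), text))
        elif records:
            frame, previous = records[-1]
            records[-1] = (frame, previous + "\n" + line)
    return records

def extract(capture, field=FIELD):
    """Run tshark on a capture file and return the parsed records."""
    result = subprocess.run(tshark_command(capture, field),
                            capture_output=True, text=True, check=True)
    return parse_fields(result.stdout)

# Constructed sample of what the command prints; not taken from a real capture.
SAMPLE = ("12\tSELECT id, name FROM users WHERE id = 7\n"
          "15\tUPDATE orders\n"
          "SET status = 'paid'\tWHERE id = 3\n"
          "21\tSELECT 1\n")

if __name__ == "__main__":
    rows = extract(sys.argv[1]) if len(sys.argv) > 1 else parse_fields(SAMPLE)
    for frame, query in rows:
        print(f"frame {frame}: {query!r}")
```

Run it with a capture file as the only argument; without one it parses the constructed sample.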

Last updated: Apr 10 '18