How to get printable text of multiple packets at once?

asked 2018-04-10 08:56:25 +0000

This post is a wiki. Anyone with karma >750 is welcome to improve it.

Hi,

We are getting all the SQL queries from the packets being captured by wireshark. There are times when the packets are in hundreds and it is very laborious to get the printable text of the packet one by one manually. There is also a risk of missing out some packets if we click the wrong line number.

Is there a way to get them by batch or by selecting several packets?

Thanks, GJ

edit retag flag offensive close merge delete

add a comment

2 Answers

Sort by » oldest newest most voted

answered 2018-04-10 09:54:54 +0000

grahamb

flag of United Kingdom of Great Britain and Northern Ireland

23790 ●4 ●950 ●227 https://www.wireshark.org

What is the field that you are printing out? Select the field in the packet details tree and look at the status bar, the field name is in parentheses.

With the field name you can use tshark (the command line version of Wireshark) to print out only that field using the-T fields -e your fieldname options.

edit flag offensive delete link

add a comment

answered 2018-04-10 10:00:53 +0000

Jaap

13720 ●683 ●115

If you are looking for text output you should look into using tshark, combined with the proper display filter and output format (eg. json, tabs or text) and post process from there.

edit flag offensive delete link

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

How to get printable text of multiple packets at once?

2 Answers

Your Answer

Question Tools

Stats

Related questions

How to get printable text of multiple packets at once? edit

2 Answers

Your Answer

Question Tools

Stats

Related questions

How to get printable text of multiple packets at once?