Ask Your Question
0

Extract only packet payload doesn't work

asked 2017-11-08 13:40:22 +0000

Ron Nelly gravatar image

updated 2017-11-08 13:48:47 +0000

Hi all,

I use Wireshark Version 2.2.6 and have a capture pcap file with lots of packets whose data I want to analyze. For that, I tried the Export function to export only the packet bytes to a text file but everytime the whole packet including source and destination addresses and other information is saved. Then I tried to export it in a binary file and read and analyze it with Matlab. In this case in fact only the payload bytes are saved but Matlab recognizes totally different data than what it is. Is there any trick or workaround I could use? Any help is highly appreciated. Cheers, Ron

ps: I tried now the csv option but this doesn't work neither. It exports only the header and additional information but no data. In the dialog box the "packet bytes" option i grey and unmarked...

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2017-11-08 17:26:02 +0000

Amato_C gravatar image

Have you tried using Tshark? https://www.wireshark.org/docs/man-pa...

I am not sure what you mean by "export only packet bytes"? Do you mean TCP Length or the actual payload.

edit flag offensive delete link more

Comments

Hi Amato_C, thanks for your reply. I mean only the actual payload and nothing else. There is a Wireshark option File -> "Export Packet Bytes" which exports only the payload in a binary file. But when I check the data it is totally different from what it should be. So, somehow that function does not work neither. I will check now tshark. Thank you.

Ron Nelly gravatar imageRon Nelly ( 2017-11-09 08:43:05 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2017-11-08 13:40:22 +0000

Seen: 120 times

Last updated: Nov 08