Extract only packet payload doesn't work

2017-11-08

Hi all,

I use Wireshark Version 2.2.6 and have a capture pcap file with lots of packets whose data I want to analyze. For that, I tried the Export function to export only the packet bytes to a text file, but every time the whole packet, including source and destination addresses and other information, is saved. Then I tried to export it in a binary file and read and analyze it with Matlab. In this case in fact only the payload bytes are saved but Matlab recognizes totally different data than what it is. Is there any trick or workaround I could use? Any help is highly appreciated. Cheers, Ron

PS: I tried now the CSV option but this doesn't work either. It exports only the header and additional information but no data. In the dialog box the "packet bytes" option is grey and unmarked...

2017-11-08

Have you tried using Tshark?

I am not sure what you mean by "export only packet bytes". Do you mean TCP Length or the actual payload?

Hi Amato_C, thanks for your reply. I mean only the actual payload and nothing else. There is a Wireshark option File -> "Export Packet Bytes" which exports only the payload in a binary file. But when I check the data it is totally different from what it should be. So, somehow that function does not work either. I will check now tshark. Thank you.

Ron Nelly ( 2017-11-09 )

You should try Follow TCP Stream or Follow UDP Stream. There you get all the payload bytes, which you can save.

Otherwise you can try the Export Objects dialog, but this works only for a few protocols.

Christian_R ( 2017-11-25 )
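
As an added example for this thread (not code from any of the posters or from Wireshark): a Python reader that walks a classic pcap file and returns only the TCP/UDP payload bytes of each packet, the data the question is after. It assumes a classic pcap file (not pcapng), Ethernet link type and untagged IPv4; the function names and the two-packet sample capture are constructed for the example.

```python
import struct

def ipv4_frame(proto, l4):
    """Constructed Ethernet + IPv4 frame (checksums left at 0), padded to 60 bytes."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return (b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + l4).ljust(60, b"\x00")

def build_sample_pcap():
    """Constructed capture: one UDP packet (b'hello') and one TCP segment (b'GET')."""
    udp = struct.pack("!HHHH", 5000, 6000, 8 + 5, 0) + b"hello"
    tcp = struct.pack("!HHIIBBHHH", 5000, 80, 1, 1, 5 << 4, 0x18, 1024, 0, 0) + b"GET"
    pcap = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header
    for frame in (ipv4_frame(17, udp), ipv4_frame(6, tcp)):
        pcap += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return pcap

def extract_payloads(pcap):
    """Return the TCP/UDP payload of every Ethernet/IPv4 packet in a classic pcap."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                      # file written little-endian
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                      # file written big-endian
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) is handled")
    payloads, off = [], 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                   # not IPv4 (ARP, IPv6, VLAN-tagged frames)
        ihl = (frame[14] & 0x0F) * 4
        total_len = struct.unpack("!H", frame[16:18])[0]
        if ihl < 20:
            continue                   # malformed IPv4 header
        l4 = frame[14 + ihl:14 + total_len]   # total length cuts off Ethernet padding
        if frame[23] == 17 and len(l4) >= 8:  # UDP: fixed 8-byte header
            payloads.append(l4[8:])
        elif frame[23] == 6 and len(l4) >= 20:  # TCP: header length from data offset
            doff = (l4[12] >> 4) * 4
            if doff >= 20:
                payloads.append(l4[doff:])
    return payloads
```

Both sample frames are padded to 60 bytes, so slicing by the IPv4 total length is what keeps the padding zeros out of the returned payloads.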

