How do you increase the number of bytes in a dissection item?

asked 2022-01-13 19:45:00 +0000

Walton Fehr

The dissection item "Data" is limited to 200 bytes. My protocol data units are 240 bytes long. I want to see the whole thing and be able to export it to a .csv file.



Can you add more detail to this? What version of Wireshark? What protocol? How are you doing the export?

Chuckc ( 2022-01-14 13:09:37 +0000 )

I am using one of the latest versions, 3.4.5. I am monitoring an Ethernet connecting several devices inside of a closed cabinet. One of the devices sends out a UDP/IP report every 100 msec. The payload of the report is a string 250 bytes long. The packet list pane only shows the first 50 or so bytes of the payload. When I try an Export Packet Dissections to CSV, it only exports those same 50 or so bytes. I would like to have all of the bytes in the .csv so I can manipulate that text file. I can use the Analyze > Show Packet Bytes but that only gives me one record at a time. I would like to have them all in one .csv file.

Walton Fehr ( 2022-01-14 13:59:21 +0000 )

Your JSON suggestion worked for me. Thanks.

Walton Fehr ( 2022-01-14 18:53:41 +0000 )

@Jaap @grahamb could one of you delete the extra comment above (which is now below as an answer). Not sure if there is a smoother way to turn a comment into an answer?

Chuckc ( 2022-01-14 19:10:34 +0000 )

1 Answer


answered 2022-01-14 19:08:33 +0000

Chuckc

How about doing the export with tshark?
Get UDP payload live for all ports

Another method would be to use a different format such as PDML or JSON. These include the UDP payload bytes and can be extracted with a little post processing of the file once exported.

          "udp.payload_raw": [
          "udp.payload": "00:10:02:00:00:00:00:00:00:00:00:03:00:00:cf:00:00:1c:00:07:55:66:66:69:63:69:6f:00:26:00:2a:00:01:e2:40:00:00:00:03:31:2e:30:00:01:00:03:32:2e:30:00:02:00:03:33:2e:30:00:03:00:03:34:2e:30:00:04:00:06:00:0c:29:d2:ee:40:00:27:00:3a:01:01:01:01:00:00:00:00:5b:a0:00:00:00:05:61:62:63:64:65:00:00:82:b1:00:01:00:05:66:67:68:69:6c:00:00:a9:c2:00:02:00:05:6d:6e:6f:70:71:00:00:d0:d3:00:03:00:05:71:77:65:72:74:00:2d:00:05:77:74:70:20:31:00:23:00:10:f9:5b:3a:31:12:e6:d5:50:37:26:7a:27:59:af:68:11:00:29:00:01:02:00:2c:00:01:00:04:18:00:05:01:00:00:00:05:00:35:00:01:00:00:1e:00:04:7f:00:00:01:00:33:00:01:02:00:30:00:0f:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00"
        "data_raw": [
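The post-processing step the answer describes, as an added example that is not part of the original thread: it reads a `tshark -T json` export, pulls the full `udp.payload` value out of every packet, and writes one CSV row per packet. The sample JSON, the function names and the CSV columns are constructed for illustration, and it assumes the payload appears under the `udp.payload` key as in the excerpt above.

```python
import csv
import io
import json

# Constructed sample in the shape of a `tshark -T json` export (not real capture data).
SAMPLE_JSON = """[
 {"_source": {"layers": {"frame": {"frame.number": "1"},
   "udp": {"udp.srcport": "5000", "udp.payload": "48:65:6c:6c:6f:2c:20:41"}}}},
 {"_source": {"layers": {"frame": {"frame.number": "2"},
   "udp": {"udp.srcport": "5000", "udp.payload": "00:10:02:ff"}}}},
 {"_source": {"layers": {"frame": {"frame.number": "3"}, "arp": {}}}}
]"""

FIELDS = ["frame", "length", "payload_hex", "payload_text"]

def find_field(node, name):
    """Depth-first search for a field name anywhere under the layer tree."""
    if isinstance(node, dict):
        if name in node:
            return node[name]
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            hit = find_field(child, name)
            if hit is not None:
                return hit
    return None

def payload_rows(json_text):
    """Yield one row per packet that carries a UDP payload."""
    for pkt in json.loads(json_text):
        layers = pkt.get("_source", {}).get("layers", {})
        payload = find_field(layers, "udp.payload")
        if not isinstance(payload, str):
            continue  # packet has no UDP payload field
        raw = bytes.fromhex(payload.replace(":", ""))
        # Printable ASCII is kept; every other byte is shown as "."
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in raw)
        yield {"frame": find_field(layers, "frame.number"), "length": len(raw),
               "payload_hex": raw.hex(), "payload_text": text}

def to_csv(json_text):
    """Return the CSV text; the payload is never truncated."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS)
    writer.writeheader()
    writer.writerows(payload_rows(json_text))
    return out.getvalue()

if __name__ == "__main__":
    print(to_csv(SAMPLE_JSON), end="")
```

To run it on a real export, pass the contents of the exported JSON file to `to_csv()` in place of `SAMPLE_JSON`.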


Asked: 2022-01-13 19:45:00 +0000

Seen: 176 times

Last updated: Jan 14 '22