How about doing the export with tshark
?
Get UDP payload live for all ports
Another method would be to use a different format such as PDML
or JSON
. These include the UDP
payload bytes and can be extracted with a little post processing of the file once exported.
"udp.payload_raw": [
"0010020000000000000000030000cf00001c00075566666963696f0026002a0001e24000000003312e3000010003322e3000020003332e3000030003342e3000040006000c29d2ee400027003a01010101000000005ba0000000056162636465000082b100010005666768696c0000a9c2000200056d6e6f70710000d0d3000300057177657274002d0005777470203100230010f95b3a3112e6d55037267a2759af68110029000102002c0001000418000501000000050035000100001e00047f00000100330001020030000f000000000000000000000000000000",
42,
220,
0,
30
],
"udp.payload": "00:10:02:00:00:00:00:00:00:00:00:03:00:00:cf:00:00:1c:00:07:55:66:66:69:63:69:6f:00:26:00:2a:00:01:e2:40:00:00:00:03:31:2e:30:00:01:00:03:32:2e:30:00:02:00:03:33:2e:30:00:03:00:03:34:2e:30:00:04:00:06:00:0c:29:d2:ee:40:00:27:00:3a:01:01:01:01:00:00:00:00:5b:a0:00:00:00:05:61:62:63:64:65:00:00:82:b1:00:01:00:05:66:67:68:69:6c:00:00:a9:c2:00:02:00:05:6d:6e:6f:70:71:00:00:d0:d3:00:03:00:05:71:77:65:72:74:00:2d:00:05:77:74:70:20:31:00:23:00:10:f9:5b:3a:31:12:e6:d5:50:37:26:7a:27:59:af:68:11:00:29:00:01:02:00:2c:00:01:00:04:18:00:05:01:00:00:00:05:00:35:00:01:00:00:1e:00:04:7f:00:00:01:00:33:00:01:02:00:30:00:0f:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00"
},
"data_raw": [
"0010020000000000000000030000cf00001c00075566666963696f0026002a0001e24000000003312e3000010003322e3000020003332e3000030003342e3000040006000c29d2ee400027003a01010101000000005ba0000000056162636465000082b100010005666768696c0000a9c2000200056d6e6f70710000d0d3000300057177657274002d0005777470203100230010f95b3a3112e6d55037267a2759af68110029000102002c0001000418000501000000050035000100001e00047f00000100330001020030000f000000000000000000000000000000",
Can you add more detail to this. What version Wireshark? What protocol? How are you doing the export?
I am using one of the latest versions 3.4.5 I am monitoring an Ethernet connecting several devices inside of a closed cabinet. One of the devices sends out a UDP/IP report every 100 msec. The payload of the report is a string 250 bytes long. The packet list pane only shows the first 50 or bytes of the payload. When I try an Export Packet Dissections to CSV, it only export those same 50 or so bytes. I would like to have all of the bytes in the .csv so I can manipulate that text file. I can use the Analyze > Show Packet Bytes but that only gives me one record at a time. I would like to have them all in one .csv file.
Your JSON suggestion worked for me. Thanks.
@Jaap@grahamb could one of you delete the extra comment above (which is now below as an answer). Not sure if there is a smoother way to turn a comment into an answer?