How do you increase the number of bytes in a dissetion item?

asked 2022-01-13 19:45:00 +0000

The dissection item "Data" is limited to 200 bytes. My protocol data units are 240 bytes long. I want to see the whole thing and be able to export it to a .csv file.

Comments

Can you add more detail to this. What version Wireshark? What protocol? How are you doing the export?

Chuckc ( 2022-01-14 13:09:37 +0000 )edit

I am using one of the latest versions 3.4.5 I am monitoring an Ethernet connecting several devices inside of a closed cabinet. One of the devices sends out a UDP/IP report every 100 msec. The payload of the report is a string 250 bytes long. The packet list pane only shows the first 50 or bytes of the payload. When I try an Export Packet Dissections to CSV, it only export those same 50 or so bytes. I would like to have all of the bytes in the .csv so I can manipulate that text file. I can use the Analyze > Show Packet Bytes but that only gives me one record at a time. I would like to have them all in one .csv file.

Walton Fehr ( 2022-01-14 13:59:21 +0000 )edit

Your JSON suggestion worked for me. Thanks.

Walton Fehr ( 2022-01-14 18:53:41 +0000 )edit

@Jaap @grahamb could one of you delete the extra comment above (which is now below as an answer). Not sure if there is a smoother way to turn a comment into an answer?

Chuckc ( 2022-01-14 19:10:34 +0000 )edit

add a comment

answered 2022-01-14 19:08:33 +0000

Chuckc
2858 ●6 ●570 ●20

How about doing the export with tshark?
Get UDP payload live for all ports

Another method would be to use a different format such as PDML or JSON. These include the UDP payload bytes and can be extracted with a little post processing of the file once exported.

          "udp.payload_raw": [
            "0010020000000000000000030000cf00001c00075566666963696f0026002a0001e24000000003312e3000010003322e3000020003332e3000030003342e3000040006000c29d2ee400027003a01010101000000005ba0000000056162636465000082b100010005666768696c0000a9c2000200056d6e6f70710000d0d3000300057177657274002d0005777470203100230010f95b3a3112e6d55037267a2759af68110029000102002c0001000418000501000000050035000100001e00047f00000100330001020030000f000000000000000000000000000000",
            42,
            220,
            0,
            30
          ],
          "udp.payload": "00:10:02:00:00:00:00:00:00:00:00:03:00:00:cf:00:00:1c:00:07:55:66:66:69:63:69:6f:00:26:00:2a:00:01:e2:40:00:00:00:03:31:2e:30:00:01:00:03:32:2e:30:00:02:00:03:33:2e:30:00:03:00:03:34:2e:30:00:04:00:06:00:0c:29:d2:ee:40:00:27:00:3a:01:01:01:01:00:00:00:00:5b:a0:00:00:00:05:61:62:63:64:65:00:00:82:b1:00:01:00:05:66:67:68:69:6c:00:00:a9:c2:00:02:00:05:6d:6e:6f:70:71:00:00:d0:d3:00:03:00:05:71:77:65:72:74:00:2d:00:05:77:74:70:20:31:00:23:00:10:f9:5b:3a:31:12:e6:d5:50:37:26:7a:27:59:af:68:11:00:29:00:01:02:00:2c:00:01:00:04:18:00:05:01:00:00:00:05:00:35:00:01:00:00:1e:00:04:7f:00:00:01:00:33:00:01:02:00:30:00:0f:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00"
        },
        "data_raw": [
          "0010020000000000000000030000cf00001c00075566666963696f0026002a0001e24000000003312e3000010003322e3000020003332e3000030003342e3000040006000c29d2ee400027003a01010101000000005ba0000000056162636465000082b100010005666768696c0000a9c2000200056d6e6f70710000d0d3000300057177657274002d0005777470203100230010f95b3a3112e6d55037267a2759af68110029000102002c0001000418000501000000050035000100001e00047f00000100330001020030000f000000000000000000000000000000",

edit flag offensive delete link

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

How do you increase the number of bytes in a dissetion item?

Comments

1 Answer

Your Answer

Question Tools

Stats

How do you increase the number of bytes in a dissetion item? edit

Comments

1 Answer

Your Answer

Question Tools

Stats

How do you increase the number of bytes in a dissetion item?