Ask Your Question
0

How do you increase the number of bytes in a dissetion item?

asked 2022-01-13 19:45:00 +0000

Walton Fehr gravatar image

The dissection item "Data" is limited to 200 bytes. My protocol data units are 240 bytes long. I want to see the whole thing and be able to export it to a .csv file.

edit retag flag offensive close merge delete

Comments

Can you add more detail to this. What version Wireshark? What protocol? How are you doing the export?

Chuckc gravatar imageChuckc ( 2022-01-14 13:09:37 +0000 )edit

I am using one of the latest versions 3.4.5 I am monitoring an Ethernet connecting several devices inside of a closed cabinet. One of the devices sends out a UDP/IP report every 100 msec. The payload of the report is a string 250 bytes long. The packet list pane only shows the first 50 or bytes of the payload. When I try an Export Packet Dissections to CSV, it only export those same 50 or so bytes. I would like to have all of the bytes in the .csv so I can manipulate that text file. I can use the Analyze > Show Packet Bytes but that only gives me one record at a time. I would like to have them all in one .csv file.

Walton Fehr gravatar imageWalton Fehr ( 2022-01-14 13:59:21 +0000 )edit

Your JSON suggestion worked for me. Thanks.

Walton Fehr gravatar imageWalton Fehr ( 2022-01-14 18:53:41 +0000 )edit

@Jaap@grahamb could one of you delete the extra comment above (which is now below as an answer). Not sure if there is a smoother way to turn a comment into an answer?

Chuckc gravatar imageChuckc ( 2022-01-14 19:10:34 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2022-01-14 19:08:33 +0000

Chuckc gravatar image

How about doing the export with tshark?
Get UDP payload live for all ports

Another method would be to use a different format such as PDML or JSON. These include the UDP payload bytes and can be extracted with a little post processing of the file once exported.

          "udp.payload_raw": [
            "0010020000000000000000030000cf00001c00075566666963696f0026002a0001e24000000003312e3000010003322e3000020003332e3000030003342e3000040006000c29d2ee400027003a01010101000000005ba0000000056162636465000082b100010005666768696c0000a9c2000200056d6e6f70710000d0d3000300057177657274002d0005777470203100230010f95b3a3112e6d55037267a2759af68110029000102002c0001000418000501000000050035000100001e00047f00000100330001020030000f000000000000000000000000000000",
            42,
            220,
            0,
            30
          ],
          "udp.payload": "00:10:02:00:00:00:00:00:00:00:00:03:00:00:cf:00:00:1c:00:07:55:66:66:69:63:69:6f:00:26:00:2a:00:01:e2:40:00:00:00:03:31:2e:30:00:01:00:03:32:2e:30:00:02:00:03:33:2e:30:00:03:00:03:34:2e:30:00:04:00:06:00:0c:29:d2:ee:40:00:27:00:3a:01:01:01:01:00:00:00:00:5b:a0:00:00:00:05:61:62:63:64:65:00:00:82:b1:00:01:00:05:66:67:68:69:6c:00:00:a9:c2:00:02:00:05:6d:6e:6f:70:71:00:00:d0:d3:00:03:00:05:71:77:65:72:74:00:2d:00:05:77:74:70:20:31:00:23:00:10:f9:5b:3a:31:12:e6:d5:50:37:26:7a:27:59:af:68:11:00:29:00:01:02:00:2c:00:01:00:04:18:00:05:01:00:00:00:05:00:35:00:01:00:00:1e:00:04:7f:00:00:01:00:33:00:01:02:00:30:00:0f:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00"
        },
        "data_raw": [
          "0010020000000000000000030000cf00001c00075566666963696f0026002a0001e24000000003312e3000010003322e3000020003332e3000030003342e3000040006000c29d2ee400027003a01010101000000005ba0000000056162636465000082b100010005666768696c0000a9c2000200056d6e6f70710000d0d3000300057177657274002d0005777470203100230010f95b3a3112e6d55037267a2759af68110029000102002c0001000418000501000000050035000100001e00047f00000100330001020030000f000000000000000000000000000000",
edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2022-01-13 19:45:00 +0000

Seen: 164 times

Last updated: Jan 14 '22