Extract and concat packet bytes from multiple streams

asked 2022-10-21 22:35:57 +0000

g2lb
1 ●1

I need to extract and merge packet bytes from ~3,000 separate packets. Each packet is part of a separate UDP stream. Export Packet Bytes lets me get the bytes from a single packet, but I need to extract and concat all the bytes from the multiple packets. I have a filter displaying only the packets of interest in sequential order.

Any help would be very much appreciated. Thank you and take care.

Comments

tshark -r "filename" -T fields -e udp.payload -Y "display filter"

Do you have a test case to verify the extraction is working?
Is this a common task or a one off? CyberChef can be handy for finessing the hex data.

Chuckc ( 2022-10-22 01:59:42 +0000 )edit

add a comment

answered 2022-10-22 18:47:51 +0000

Jasper
24103 ●5 ●111 ●292 Düsseldorf, Germany

After a nudge from @Chuckc I spent an hour to create a small Win64 command line tool that should do what you need. All you need to do is to export your UDP packets of interest to a single pcapng file, and run UDPayloadCarve yourfilename.pcapng(yes, only one P in the name, for the fun of it :)). It will result in a new file in the same directory called "UDPPayloadMerged.bin". You can get that tool here: https://nextcloud.packet-foo.com/inde...

Hope this helps.

edit flag offensive delete link

Comments

Another possible solution as provided by @pstavirs?

tshark -r sample-udp-test.pcap -T fields -e udp.payload -Y "display filter | xxd -r -p - out.dat

cmaynard ( 2022-10-24 14:20:58 +0000 )edit

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Extract and concat packet bytes from multiple streams

Comments

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

Extract and concat packet bytes from multiple streams edit

Comments

1 Answer

Comments