
Extract and concat packet bytes from multiple streams

asked 2022-10-21 22:35:57 +0000

g2lb

I need to extract and merge packet bytes from ~3,000 separate packets. Each packet is part of a separate UDP stream. Export Packet Bytes lets me get the bytes from a single packet, but I need to extract and concat all the bytes from the multiple packets. I have a filter displaying only the packets of interest in sequential order.

Any help would be very much appreciated. Thank you and take care.



tshark -r "filename" -T fields -e udp.payload -Y "display filter"

Do you have a test case to verify the extraction is working?
Is this a common task or a one off? CyberChef can be handy for finessing the hex data.

Chuckc ( 2022-10-22 01:59:42 +0000 )

1 Answer


answered 2022-10-22 18:47:51 +0000

Jasper

After a nudge from @Chuckc I spent an hour to create a small Win64 command line tool that should do what you need. All you need to do is to export your UDP packets of interest to a single pcapng file, and run UDPayloadCarve yourfilename.pcapng (yes, only one P in the name, for the fun of it :)). It will result in a new file in the same directory called "UDPPayloadMerged.bin". You can get that tool here:

Hope this helps.



Another possible solution as provided by @pstavirs?

tshark -r sample-udp-test.pcap -T fields -e udp.payload -Y "display filter" | xxd -r -p - out.dat
cmaynard ( 2022-10-24 14:20:58 +0000 )
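
An added example, not part of the original thread: a Python equivalent of the `xxd -r -p` step that also addresses the "test case" question by refusing ambiguous or malformed lines and reporting a length and SHA-256 to compare against a known-good extraction. The function name, the sample lines and the handling of colon-separated hex from older tshark builds are assumptions made for this sketch.

```python
import hashlib
import sys


def merge_payloads(lines):
    """Turn `tshark -T fields -e udp.payload` output lines into one byte string.

    Returns (data, empty): the concatenated payload bytes in input order and
    the number of frames that produced an empty field.
    """
    data = bytearray()
    empty = 0
    for lineno, raw in enumerate(lines, 1):
        field = raw.strip()
        if not field:
            empty += 1          # frame passed the filter but had no udp.payload
            continue
        if "," in field:
            # Several occurrences in one frame (e.g. UDP inside a tunnel): the
            # outer payload already contains the inner one, so do not guess.
            raise ValueError(f"line {lineno}: more than one udp.payload value")
        try:
            # Assumption: older tshark builds print bytes as aa:bb:cc.
            data += bytes.fromhex(field.replace(":", ""))
        except ValueError:
            raise ValueError(f"line {lineno}: not a hex string: {field[:16]!r}") from None
    return bytes(data), empty


# Constructed sample output: three payloads and one frame without a payload.
SAMPLE = ["48656c6c6f", "", "2c:20", "776f726c64"]

if __name__ == "__main__":
    if len(sys.argv) == 3:      # usage: merge.py payloads.txt out.dat
        with open(sys.argv[1]) as src:
            merged, empty = merge_payloads(src)
        with open(sys.argv[2], "wb") as dst:
            dst.write(merged)
    else:                       # no arguments: run on the constructed sample
        merged, empty = merge_payloads(SAMPLE)
    print(f"{len(merged)} bytes, {empty} empty frames, "
          f"sha256={hashlib.sha256(merged).hexdigest()}")
```

Running the same display filter with `-e frame.number` alongside `-e udp.payload` makes it easy to map a reported line number back to the offending packet.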


Asked: 2022-10-21 22:35:57 +0000

Seen: 1,131 times

Last updated: Oct 22 '22