Ask Your Question
0

Extract and concat packet bytes from multiple streams

asked 2022-10-21 22:35:57 +0000

g2lb gravatar image

I need to extract and merge packet bytes from ~3,000 separate packets. Each packet is part of a separate UDP stream. Export Packet Bytes lets me get the bytes from a single packet, but I need to extract and concat all the bytes from the multiple packets. I have a filter displaying only the packets of interest in sequential order.

Any help would be very much appreciated. Thank you and take care.

edit retag flag offensive close merge delete

Comments

tshark -r "filename" -T fields -e udp.payload -Y "display filter"

Do you have a test case to verify the extraction is working?
Is this a common task or a one off? CyberChef can be handy for finessing the hex data.

Chuckc gravatar imageChuckc ( 2022-10-22 01:59:42 +0000 )edit
add a comment

1 Answer

Sort by » oldest newest most voted
0

answered 2022-10-22 18:47:51 +0000

Jasper gravatar image

After a nudge from @Chuckc I spent an hour to create a small Win64 command line tool that should do what you need. All you need to do is to export your UDP packets of interest to a single pcapng file, and run UDPayloadCarve yourfilename.pcapng(yes, only one P in the name, for the fun of it :)). It will result in a new file in the same directory called "UDPPayloadMerged.bin". You can get that tool here: https://nextcloud.packet-foo.com/inde...

Hope this helps.

edit flag offensive delete link more

Comments

Another possible solution as provided by @pstavirs? 

tshark -r sample-udp-test.pcap -T fields -e udp.payload -Y "display filter | xxd -r -p - out.dat
cmaynard gravatar imagecmaynard ( 2022-10-24 14:20:58 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2022-10-21 22:35:57 +0000

Seen: 1,390 times

Last updated: Oct 22 '22

Related questions

How do I dissect multiple packets?

How do I use the fragment_add_seq_check function in UDP packet reassembly?

Is it possible to use reassembly on non-split packets?

How do I dissect packets if the dissection depends on information from earlier packets?

Little Endian for "Proto_Tree_Add_Bits" Function

How do I extract the individual flows from the total packets in a pcap file?

How can I filter packet bytes to display only certain messages...

how to invert two bytes in lua script dissector ?

Capture incoming packets from remote web server

How do I get and display packet data information at a specific byte from the first byte?