This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Extracing data buffers

0

I have a capture with about 60 packets. Was able to filter down to just the data buffers, but haven't found a way to put all the buffers into an text file, that I can annotate later.

asked 18 Apr '16, 14:00

Harpo2's gravatar image

Harpo2
6112
accept rate: 0%

One Answer:

0

but haven't found a way to put all the buffers into an text file,

There are several options to do that. See my answers to similar questions.

https://ask.wireshark.org/questions/38998/automating-extraction-of-udp-payload-from-pcap-file
https://ask.wireshark.org/questions/35353/exporting-payload-data-in-binary-file
https://ask.wireshark.org/questions/47183/bulk-extraction-of-udp-payload-data
https://ask.wireshark.org/questions/29693/export-selected-packet-bytes-how-to-cut-off-the-payload-in-a-pcap-file

that I can annotate later.

You can annotate the frame in Wireshark if it's a pcap-ng.

Right click a frame and select Packet Comment. Comments will be stored in the pcap-ng if you save the file.

Regards
Kurt

answered 19 Apr '16, 06:23

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%