Wireshark mailing list archives
Re: Wireshark-users Digest, Vol 94, Issue 10
From: Mathias Koerber <mathias () koerber org>
Date: Mon, 24 Mar 2014 09:21:14 +0800
I'm trying to have tshark decode a number of packets I got from an strace(1) output (params of write, read, recvfrom etc). Thus they are not including any layers below UDP.. I am using Perl's String::Unescape and Data::Hexdumper to convert them to a format similar to what od(1) would output, then text2pcap -q -i 6 -u 10000,53 (as an example for a DNS packet) to make pcap input file and then tshark -l -V -N t -r filename </dev/null >filename2 2>&1 to have tshark decode them. However, that also decodes the dummy lower layers I had text2pcap add to get a full packet. 1. Is there a way to not have to have text2cap add those dummy layers (ie, can I tell tshark that all it will find in the pcap file is UDP packet)? If not: 2. Is there a way to have tshark only decode the UDP part and print it in -V detail? I don't need the full dummy info. thanks M ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Re: Wireshark-users Digest, Vol 94, Issue 10 Mathias Koerber (Mar 23)
- Re: Wireshark-users Digest, Vol 94, Issue 10 Hadriel Kaplan (Mar 23)
- Re: Wireshark-users Digest, Vol 94, Issue 10 Christopher Maynard (Mar 24)
- Re: Wireshark-users Digest, Vol 94, Issue 10 Christopher Maynard (Mar 24)
- Re: Wireshark-users Digest, Vol 94, Issue 10 Christopher Maynard (Mar 24)
- Re: Wireshark-users Digest, Vol 94, Issue 10 Hadriel Kaplan (Mar 23)