Wireshark mailing list archives

Re: export all ascii data from multiple streams to one text file

From: David Alanis <canito () dalan us>
Date: Tue, 22 Mar 2011 05:18:00 -0500


On Thu, 2011-03-17 at 14:20 +0200, Coert Waagmeester wrote:

Hello all.

I have done a sniff of 29 computers using a service that is
predominantly plain text.

In wireshark I have the display filter set to only the 'plaintext' port.
There are 29 seperate streams which I can export seperately.
But I would like to export all ASCII data from all the displayed packets
into a text file.

How can I do that?


Kind regards,
Coert Waagmeester
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe


If I recall correctly you can use tshark to read the capture file and
output the stream(s) in ascii to a file.

I don't have all of the switches but e.g. if you want to display all
traffic from client IP 192.168.0.1 you would run the following using -x
to dump it out in hex && ascii: 

tshark -x -R "ip.addr == 192.168.0.1" -r /tmp/capture.cap > output.txt

I found and tested this example by running a quick google search. I hope
it helps.

Cheers-
David

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

export all ascii data from multiple streams to one text file Coert Waagmeester (Mar 17)
- Re: export all ascii data from multiple streams to one text file David Alanis (Mar 21)