Wireshark mailing list archives
How to access the payload of a protocol in tshark
From: Joerg Mayer <jmayer () loplof de>
Date: Tue, 7 Aug 2012 22:26:08 +0200
Hello,

I'm looking for a way to access the payload of a protocol in tshark and haven't found one.

Example: I'd like to access (dump) the payload of a udp packet, i.e. dump the data starting with the first byte following the udp header.

If this can't be done with the current infrastructure, what would be required to implement this?

What I'd like to use with the -e option is something like "<protocol>.payload" for protocols that have a payload that is not dissected via the protocol dissector. This element could be a hidden field. The output could be either text, hex or raw(binary), depending on a -E parameter (or maybe a new option), see the -z follow feature.

Is this already possible and I just missed it? If not, does this feature sound reasonable? If so, how should we implement it?

thanks
Jörg
--
Joerg Mayer <jmayer () loplof de>
We are stuck with technology when what we really want is just stuff that works. Some say that should read Microsoft instead of technology.

Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
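The extraction the message asks for, done outside tshark as an added example (not part of the original post and not Wireshark code): a Python reader that returns the bytes following each UDP header and renders them as text, hex or raw. It assumes a classic microsecond pcap file with untagged Ethernet/IPv4 framing; the function names and the sample capture are constructed for illustration.

```python
import struct

def udp_payloads(pcap):
    """Yield (src_port, dst_port, payload) for each unfragmented UDP/IPv4 packet."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or len(pcap) < 24:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4 (VLAN tags and IPv6 are skipped)
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4  # IP header length, options included
        total_len, _, frag = struct.unpack("!HHH", ip[2:8])
        if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 17 or frag & 0x3FFF:
            continue  # not UDP, or a fragment (MF flag / offset set)
        udp = ip[ihl:total_len]  # total_len cuts off Ethernet padding
        if len(udp) < 8:
            continue
        sport, dport, ulen = struct.unpack("!HHH", udp[:6])
        if ulen >= 8:
            yield sport, dport, udp[8:ulen]  # first byte after the UDP header

def render(payload, mode="hex"):
    """Render a payload as 'raw' bytes, a 'hex' string, or printable 'text'."""
    if mode == "raw":
        return payload
    if mode == "hex":
        return payload.hex()
    if mode == "text":
        return "".join(chr(b) if 32 <= b < 127 else "." for b in payload)
    raise ValueError("mode must be raw, hex or text")

def build_sample_pcap():
    """Constructed one-packet capture: UDP 5000 -> 53, padded to 60 bytes."""
    data = b"hello\x00udp"
    udp = struct.pack("!HHHH", 5000, 53, 8 + len(data), 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + udp
    frame = (b"\x02" * 12 + b"\x08\x00" + ip).ljust(60, b"\x00")
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
            + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame)

if __name__ == "__main__":
    for sport, dport, data in udp_payloads(build_sample_pcap()):
        print(sport, dport, render(data, "hex"), render(data, "text"))
```

Checksums are not verified, and a packet truncated by the capture snaplen yields only the bytes that were captured.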