Wireshark mailing list archives
Re: How to access the payload of a protocol in tshark
From: Rick Gudmundson <rickg421 () gmail com>
Date: Tue, 7 Aug 2012 16:18:51 -0500
I too was just looking for this feature today. I thought that I stumbled upon it with "-O". However, that doesn't *only* print detailed information for the specific protocol. It also prints the summary lines for other protocols. Maybe that's a jumping off point?

Thanks,
Rick

On Tue, Aug 7, 2012 at 3:48 PM, Christopher Maynard <Christopher.Maynard () gtech com> wrote:
> Joerg Mayer <jmayer@...> writes:
>
> > I'm looking for a way to access the payload of a protocol in tshark and
> > haven't found one.
>
> I was recently trying to do something similar for one of our older protocols
> that nobody had yet written a dissector for, but I was unable to come up with
> a solution. For me, it would have been good enough if something like
> "-e data.data[n:m]" or "-e frame[n:m]" worked, but unfortunately neither of
> them do. I ended up having to write a basic enough dissector to get at least
> some of the data of interest out of it quickly.
>
> > What I'd like to use with the -e option is something like
> > "<protocol>.payload"
> > for protocols that have a payload that is not dissected via the protocol
> > dissector.
> > This element could be a hidden field. The output could be either text, hex
> > or raw (binary), depending on a -E parameter (or maybe a new option), see
> > the -z follow feature.
> >
> > Is this already possible and I just missed it?
>
> I am unaware of such a feature ... but maybe I missed it too.
>
> > If not, does this feature sound reasonable?
>
> Yes! +1
>
> - Chris
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
-- Rick