Wireshark mailing list archives
Re: Extracting payload from ethernet dumps
From: Estanislao Gonzalez <estanislao.gonzalez () zmaw de>
Date: Mon, 27 Sep 2010 17:09:25 +0200
Hi,

not completely sure, but I think "tcpdump -r file" will read from your file and dump some basic information. You could rewrite it (I think) with -w new_file dumping only what you need.

Anyway, you should definitely check the man page of tcpdump (or online help if not in Linux).

Hope this helps.

Cheers,
Estani

On 09/27/2010 04:49 PM, Simon Greifswald wrote:
Hello,

I have several gigabytes of dumped network traffic in files, and I need to extract the payload from each packet. So, I want to discard all link layer, internet layer, transport layer headers and only extract the UDP packet's payload in a new file.

If it were not so much data, I would use the Wireshark GUI's "Follow stream" function, but sadly this is not an option since there are too many files to parse. I would rather have a script do it for me. So what I need is a way using tshark, tcpdump or so to strip the headers from the packets.

Does anyone know a tool which can be used to do this?

Thanks in advance,
Simon

___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request () wireshark org?subject=unsubscribe
--
Estanislao Gonzalez
Max-Planck-Institut für Meteorologie (MPI-M)
Deutsches Klimarechenzentrum (DKRZ) - German Climate Computing Centre
Room 108 - Bundesstrasse 45a, D-20146 Hamburg, Germany
Phone: +49 (40) 46 00 94-126
E-Mail: estanislao.gonzalez () zmaw de