Wireshark mailing list archives
Re: Extracting payload from ethernet dumps
From: Sake Blok <sake () euronet nl>
Date: Wed, 29 Sep 2010 23:33:18 +0200
On 27 sep 2010, at 16:49, Simon Greifswald wrote:
> I have several gigabytes of dumped network traffic in files, and I need to extract the payload from each packet. So, I want to discard all link layer, internet layer, transport layer headers and only extract the UDP packet's payload in a new file.
For TCP you can use "tcpflow":

tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis or debugging. A program like 'tcpdump' shows a summary of packets seen on the wire, but usually doesn't store the data that's actually being transmitted. In contrast, tcpflow reconstructs the actual data streams and stores each flow in a separate file for later analysis.
(http://www.circlemud.org/~jelson/software/tcpflow/)

This does of course not work for UDP, but putting UDP payloads together from a trace that contains one "conversation" can be done easily with the script attached to the following message:

http://www.wireshark.org/lists/wireshark-users/200611/msg00133.html

Hope this helps,
Cheers,
Sake
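
An added example, not part of the original message and not the script linked above: a standard-library Python reader for classic pcap files that strips the Ethernet (with one optional 802.1Q tag), IPv4 and UDP headers and yields only the UDP payload. It goes beyond the single-conversation case in the post by handling any mix of packets; `udp_payloads` and `sample_pcap` are names made up here, the sample capture is constructed, and pcapng, IPv6 and fragmented datagrams are assumed out of scope.

```python
import io
import struct

def udp_payloads(fh):
    """Yield (src_port, dst_port, payload) per Ethernet/IPv4/UDP packet in a classic pcap."""
    hdr = fh.read(24)
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(hdr[:4])
    if endian is None or len(hdr) < 24:
        raise ValueError("not a classic (non-pcapng) pcap file")
    if struct.unpack(endian + "I", hdr[20:24])[0] != 1:
        raise ValueError("only LINKTYPE_ETHERNET is handled")
    while True:
        rec = fh.read(16)                      # per-packet record header
        if len(rec) < 16:
            return                             # end of file (or truncated record)
        incl_len = struct.unpack(endian + "IIII", rec)[2]
        frame = fh.read(incl_len)
        if len(frame) < 14:
            continue
        etype, off = struct.unpack("!H", frame[12:14])[0], 14
        if etype == 0x8100 and len(frame) >= 18:      # skip one 802.1Q VLAN tag
            etype, off = struct.unpack("!H", frame[16:18])[0], 18
        if etype != 0x0800 or len(frame) < off + 20:  # IPv4 only
            continue
        ihl = (frame[off] & 0x0F) * 4                 # IP header length incl. options
        frag = struct.unpack("!H", frame[off + 6:off + 8])[0] & 0x3FFF  # MF bit + offset
        udp = off + ihl
        if ihl < 20 or frame[off + 9] != 17 or frag or len(frame) < udp + 8:
            continue                                  # not UDP, a fragment, or cut short
        sport, dport, ulen = struct.unpack("!HHH", frame[udp:udp + 6])
        if ulen >= 8:                                 # UDP length trims Ethernet padding
            yield sport, dport, frame[udp + 8:udp + ulen]

def sample_pcap():
    """Constructed capture: one UDP datagram (padded to 60 bytes) and one TCP segment."""
    def frame(proto, l4):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
        return (b"\x02" * 12 + b"\x08\x00" + ip + l4).ljust(60, b"\x00")
    udp = struct.pack("!HHHH", 5000, 53, 8 + 5, 0) + b"hello"
    tcp = struct.pack("!HHIIHHHH", 5001, 80, 0, 0, 0x5000, 8192, 0, 0)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in (frame(17, udp), frame(6, tcp)):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for sport, dport, data in udp_payloads(io.BytesIO(sample_pcap())):
        print(sport, dport, data)
```

For a real dump, pass a file opened with `open(path, "rb")` and write each yielded payload to the output file; records are read one at a time, so multi-gigabyte captures are not loaded into memory.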