![]() Tshark_exe = "c:/Program Files/Wireshark/tshark.exe" In my case, I just do some filter and use -x option for output.,as this:Įvery line contains three parts :The first column is offset reference, the next 16 columns are bytes in hex, and the remains are the characters map to the data. In actual, every net frame has a same length of header, so ,it's easy to strip the header by a fixed offset, and get the special data. ![]() What I want is the udp srcport and dstport, and the application data. I already give up this way, and decode the frame by myself. I find in wireshark 1.12,there is a "Do not decode" option in "decode as." dialog, if enable it,the display is what I want.but in wireshark 2.2,they removed the option.and I still need a command line to do this filter.Īfter 48 hours and 26 times viewed ,it still no response but one vote up. In a summary, what I want is a portable command line that can flexible and direct output all data after UDP information in a net frame.Ĭould I disable decode on some ports by just add options in command line? I works on Windows7 and wireshark 2.2.use python 2.7 for parse work. I also disable the known conflict protocols, it works ,but there may be same mistake on other unknown protocol and the tshark's output still can't be trust completely. Then, I find a way that special the "disable-protocol" file under wireshark profile folder,but ,I must take the profile file and deploy it before run the parse program on other PC.Īnd, I tried disable all the protocol except udp and tcp ,but it can't work. Īt first, I use the "-e data.data" option, but ,some of the application data could be decode as other protocol, and wouldn't be output by -e data.data. ![]() pcapng files, I want direct filter and output the application raw data via tshark command. Here I need parse a custom protocol in many. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |