Wireshark-users: Re: [Wireshark-users] Save the bytes of a particular field from all the displaye
Anyone reading the last few weeks of postings should be detecting a
recurring theme...people want to extract images and audio with the correct
file headers and names from packet streams that may or may not be
contiguous.
Sounds like a big task.
Frank
> -----Original Message-----
> From: wireshark-users-bounces@xxxxxxxxxxxxx
> [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Still Life
> Sent: Wednesday, February 07, 2007 10:53 AM
> To: wireshark-users@xxxxxxxxxxxxx
> Subject: [Wireshark-users] Save the bytes of a particular
> field from all the displayed packets in one file
>
>
> Hi to all,
> my question is general but I'll use my particular
> case to explain it.
> I would like to save a particular portion of an "H223
> over TCP" capture file.
> Imagine you develop a display filter like this:
> ip.src == 192.168.0.11 && h223.mux.vc ==1 (H.223 virtual circuit: 1)
> In this way I filtered the packets from one terminal to another
> (ip.src == 192.168.0.11) and with h223.mux.vc ==1
> Now, in Wireshark's top pane, I can select a single
> packet (all the displayed packets now are those with h223.mux.vc ==1).
> For this packet, in Wireshark's middle pane, I can highlight
> the field "H.223 virtual circuit: 1" by clicking on it.
> In this way, in Wireshark's bottom pane, the bytes of interest
> are automatically highlighted.
> I can right click on the highlighted bytes field in the bottom
> pane and do "Export Selected Packet Bytes...".
>
> I need to do that over all the packets and append all the
> bytes extracted from all the "H.223 virtual circuit: 1"
> fields in a single file. Is this possible to do in some way?
>
> (The goal is to demultiplex and save the audio and video
> stream multiplexed in the h223 stream.)
>
> Is it possible to do such an operation, or do I have to modify
> the h223 dissector source code with an "fwrite" at the point where
> "H.223 virtual circuit: x" is added to the Wireshark middle pane?
>
> I already read the following discussion, but it seems that there isn't
> a general solution:
> http://thread.gmane.org/gmane.network.wireshark.user/928/focus=928
>
> Thanks in advance,
> Fabio
>
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>
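One way to do the per-field export asked about in the quoted message without touching the dissector, as an added example that is not part of the original thread or of Wireshark's code. It assumes a tshark that supports `-Y`, `-T fields` and `-e`, and that the bytes wanted are exposed as a byte-valued field; the field name is left as a parameter because the thread does not give one, and `field_bytes`, `extract` and `SAMPLE` are hypothetical names.

```python
import subprocess


def field_bytes(lines):
    """Turn `tshark -T fields -e <byte field>` output lines into one byte string.

    Accepts both hex styles tshark has used for byte fields ("0a:0b" and
    "0a0b") and several occurrences of the field in one packet, which tshark
    joins with "," by default. A packet without the field gives an empty line.
    """
    out = bytearray()
    for lineno, line in enumerate(lines, 1):
        for occurrence in line.strip().split(","):
            hexstr = occurrence.strip().replace(":", "")
            if not hexstr:
                continue  # field absent in this packet
            try:
                out += bytes.fromhex(hexstr)
            except ValueError:
                raise ValueError(
                    f"line {lineno}: not a hex byte field: {occurrence!r}")
    return bytes(out)


def extract(pcap, display_filter, field, dest):
    """Append every occurrence of `field` in the filtered packets to `dest`.

    Bytes are written in capture order exactly as dissected; nothing here
    reorders packets or drops retransmitted data.
    """
    cmd = ["tshark", "-r", pcap, "-Y", display_filter,
           "-T", "fields", "-e", field]
    text = subprocess.run(cmd, check=True, capture_output=True,
                          text=True).stdout
    data = field_bytes(text.splitlines())
    with open(dest, "ab") as fh:
        fh.write(data)
    return len(data)


# Constructed sample of tshark field output (not taken from a real capture):
# colon style, a packet without the field, two occurrences, plain style.
SAMPLE = ["00:01:02:03", "", "0405,06:07", "08"]

if __name__ == "__main__":
    print(field_bytes(SAMPLE).hex())
```

`extract` would be called with the display filter from the quoted message and whichever byte field the h223 dissector exposes for the circuit's data.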