Wireshark · Wireshark-users: Re: [Wireshark-users] Extracting the payload

Wireshark-users: Re: [Wireshark-users] Extracting the payload

From: Abhik Sarkar <sarkar.abhik@xxxxxxxxx>

Date: Fri, 17 Apr 2009 17:23:41 +0400

You might want to use tshark (manual page: http://www.wireshark.org/docs/man-pages/tshark.html).

Here's a sample output from my Windows machine:
> tshark -i 5 -T fields -e frame.len
Capturing on Broadcom NetXtreme Gigabit Ethernet Driver (Microsoft's Packet Scheduler)
64
60
62
112
64
60
60
60
62
64
60
112
64
13 packets captured

You can also use the fields "tcp.len" or "udp.length" to check the sizes of only the payload minus the TCP/IP and lower layer headers.

Regards,
Abhik.

On Fri, Apr 17, 2009 at 3:27 PM, ram singh <ramsingh.600@xxxxxxxxx> wrote:

Hi guys,
i'm in need of getting only the payload(length) of captured packets using wireshark.Plz could anyone help in coding to extract only the length of captured packets.

___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

Follow-Ups:
- Re: [Wireshark-users] Extracting the payload
  - From: ram singh

References:
- [Wireshark-users] Extracting the payload
  - From: ram singh

Prev by Date: [Wireshark-users] Extracting the payload
Next by Date: [Wireshark-users] Finding MAC address
Previous by thread: [Wireshark-users] Extracting the payload
Next by thread: Re: [Wireshark-users] Extracting the payload
Index(es):
- Date
- Thread