Wireshark
the world's foremost network protocol analyzer
Wireshark-users: Re: [Wireshark-users] Reassembling UDP conversations
From: "Eiland, Edward (GE, Research)" <eiland@xxxxxx>
Date: Wed, 7 May 2008 14:36:26 -0400
I see it. I need to convert all UDP traffic in the pcap file into conversations and save them as individual files. Since the file is hundreds of MB, this would be unmanageable manually. The question then becomes "how can I automate following the UDP streams?" I will ultimately need to do do the same for the TCP streams, as well... eee -----Original Message----- From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Stephen Fisher Sent: Wednesday, May 07, 2008 14:25 To: Community support list for Wireshark Subject: Re: [Wireshark-users] Reassembling UDP conversations On Wed, May 07, 2008 at 12:23:50PM -0400, Eiland, Edward (GE, Research) wrote: > I have a pcap file from which I want to reassemble UDP conversations. > It looks like this can be done by creating a post-dissector with Lua. > I am, however, a newbie to both wireShark and Lua. Can anyone point > me to resources that will help me with this? What do you mean by reassemble a UDP conversation? There is already a feature that sounds like what you want. It is under the Analysis menu called Follow UDP Stream. Steve _______________________________________________ Wireshark-users mailing list Wireshark-users@xxxxxxxxxxxxx http://www.wireshark.org/mailman/listinfo/wireshark-users
- References:
- [Wireshark-users] Reassembling UDP conversations
- From: Eiland, Edward (GE, Research)
- Re: [Wireshark-users] Reassembling UDP conversations
- From: Stephen Fisher
- [Wireshark-users] Reassembling UDP conversations
- Prev by Date: Re: [Wireshark-users] Reassembling UDP conversations
- Next by Date: [Wireshark-users] SIP SDP RTP correlation
- Previous by thread: Re: [Wireshark-users] Reassembling UDP conversations
- Next by thread: [Wireshark-users] SIP SDP RTP correlation
- Index(es):