
Wireshark-dev: [Wireshark-dev] How to access the payload of a protocol in tshark

From: Joerg Mayer <jmayer@xxxxxxxxx>
Date: Tue, 7 Aug 2012 22:26:08 +0200
Hello,

I'm looking for a way to access the payload of a protocol in tshark and
haven't found one.
Example: I'd like to access (dump) the payload of a udp packet, i.e. dump
the data starting with the first byte following the udp header.
If this can't be done with the current infrastructure, what would be required
to implement this?
What I'd like to use with the -e option is something like "<protocol>.payload"
for protocols that have a payload that is not dissected via the protocol dissector.
This element could be a hidden field.
The output could be either text, hex or raw(binary), depending on a -E parameter
(or maybe a new option), see the -z follow feature.

Is this already possible and I just missed it?
If not, does this feature sound reasonable?
If so, how should we implement it?

thanks
   Jörg
-- 
Joerg Mayer                                           <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
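
The output the request describes (the bytes starting right after the 8-byte UDP header, shown as text, hex or raw) can be illustrated outside tshark with a small stand-alone parser. This is an added example, not part of the original message and not Wireshark code; the names `udp_payloads`, `render` and `sample_pcap` are hypothetical, the capture is constructed, and it assumes a classic pcap file with Ethernet/IPv4 frames.

```python
import struct

def udp_payloads(pcap: bytes):
    """Yield (src_port, dst_port, payload) per UDP datagram in a classic pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    off = 24                                          # end of the global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                  # not IPv4
        ihl = (frame[14] & 0x0F) * 4
        if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 17:
            continue                                  # not UDP
        if struct.unpack("!H", frame[20:22])[0] & 0x1FFF:
            continue                                  # later fragment: no UDP header
        udp = frame[14 + ihl:]
        if len(udp) < 8:
            continue                                  # truncated capture
        sport, dport, ulen, _ = struct.unpack("!HHHH", udp[:8])
        # The UDP length field counts the 8 header bytes. Clamping to it drops
        # Ethernet padding; clamping to len(udp) copes with a short snaplen.
        yield sport, dport, udp[8:min(max(ulen, 8), len(udp))]

def render(payload: bytes, mode: str):
    """Format a payload as 'text', 'hex' or 'raw', the three outputs proposed."""
    if mode == "raw":
        return payload
    if mode == "hex":
        return payload.hex()
    if mode == "text":
        return "".join(chr(b) if 32 <= b < 127 else "." for b in payload)
    raise ValueError(f"unknown mode: {mode}")

def sample_pcap() -> bytes:
    """Constructed capture: one 3-byte UDP payload in a padded 60-byte frame."""
    udp = struct.pack("!HHHH", 5353, 9999, 11, 0) + b"hi\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    frame = (b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + udp).ljust(60, b"\0")
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
            + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame)
```

The sample frame is padded to the Ethernet minimum, so the parser has to trust the UDP length field rather than the frame length to avoid returning padding as payload.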