
Wireshark-users: Re: [Wireshark-users] Save the bytes of a particular field from all the displaye

From: "Frank Bulk" <frnkblk@xxxxxxxxx>
Date: Wed, 7 Feb 2007 13:54:48 -0600
Anyone reading the last few weeks of postings should be detecting a
recurring theme...people want to extract images and audio with the correct
file headers and names from packet streams that may or may not be
contiguous.

Sounds like a big task.

Frank

> -----Original Message-----
> From: wireshark-users-bounces@xxxxxxxxxxxxx 
> [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Still Life
> Sent: Wednesday, February 07, 2007 10:53 AM
> To: wireshark-users@xxxxxxxxxxxxx
> Subject: [Wireshark-users] Save the bytes of a particular 
> field from all the displayed packets in one file
> 
> 
> Hi to all,
> my question is general but I'll use my particular
> case to explain it.
> I would like to save a particular portion of an "H223
> over TCP" capture file.
> Imagine you develop a display filter like this:
> ip.src == 192.168.0.11 && h223.mux.vc ==1 (H.223 virtual circuit: 1)
> In this way I filtered the packets from one terminal to another
> (ip.src == 192.168.0.11) and with h223.mux.vc ==1
> Now, in Wireshark's top pane, I can select a single
> packet (all the displayed packets are now those with h223.mux.vc ==1).
> For this packet, in Wireshark's middle pane, I can highlight
> the field "H.223 virtual circuit: 1" by clicking on it.
> In this way, in Wireshark's bottom pane, the bytes of interest
> are automatically highlighted.
> I can right click on the highlighted bytes field in the bottom
> pane and do "Export Selected Packet Bytes...".
> 
> I need to do that over all the packets and append all the
> bytes extracted from all the "H.223 virtual circuit: 1"
> fields in a single file. Is this possible to do in some way?
> 
> (The goal is to demultiplex and save the audio and video
> stream multiplexed in the h223 stream.)
> 
> Is it possible to do such an operation, or do I have to modify
> the h223 dissector source code with an "fwrite" at the point where
> "H.223 virtual circuit: x" is added to the Wireshark middle pane?
> 
> I already read the following discussion, but it seems that there isn't
> a general solution:
> http://thread.gmane.org/gmane.network.wireshark.user/928/focus=928
> 
> Thanks in advance,
>                     Fabio