
Wireshark-users: [Wireshark-users] tshark: print x number of bytes at arbitrary offset?

From: "Jake Peavy" <djstunks@xxxxxxxxx>
Date: Thu, 4 Oct 2007 18:03:14 -0600
Hi y'all,

Is there a way I can print some number of bytes at an arbitrary offset without writing a complete dissector?

For example, in the following packet I'd like to be able to strip out the two bytes starting at 0x0030.  Ideally, I'd be able to use this with -e to tshark and have it print 4f88 for this packet.

Possible?

Thanks in advance.

Frame 8143 (1346 bytes on wire, 1346 bytes captured)
Ethernet II, Src: Unispher_40:a6:34 (00:90:1a:40:a6:34), Dst: 01:00:5e:40:0a:c3 (01:00:5e:40:0a:c3)
Internet Protocol, Src: 10.199.11.79 (10.199.11.79), Dst: 239.192.10.195 (239.192.10.195)
User Datagram Protocol, Src Port: 1077 (1077), Dst Port: 16002 (16002)
Data (1304 bytes)

0000  01 00 5e 40 0a c3 00 90 1a 40 a6 34 08 00 45 60   ..^@.....@.4..E`
0010  05 34 00 00 40 00 3c 11 28 c0 0a c7 0b 4f ef c0   .4..@.<.(....O..
0020  0a c3 04 35 3e 82 05 20 6b 7d 4c 44 41 53 00 00   ...5>.. k}LDAS..
0030  4f 88 00 00 30 09 00 00 4f 88 01 8d a3 00 00 00   O...0...O.......
0040  05 00 ca 4b 85 25 fa 00 ea cf f4 3b f7 ce ba eb   ...K.%.....;....
0050  e0 f4 d7 92 75 f7 de b9 73 7e bf 73 ce 37 79 bc   ....u...s~.s.7y.
0060  34 ee e2 4a 30 8c 67 82 1c d6 83 34 dc 64 9e 67   4..J0.g....4.d.g
0070  bd 18 9e 79 75 e8 d2 b8 6e af 26 af 3d 59 e1 79   ...yu...n.&.=Y.y
0080  3b 09 fe c9 f9 7a 7c de 8e 5e 1a cf e1 4a d3 c1   ;....z|..^...J..
0090  46 73 ea fc 6a 20 cf 75 c1 4d be 5f 5b 0d fa e0   Fs..j .u.M._[...
00a0  3b 66 ff 6a 0b 7d 1f b9 e6 5d de a3 8e 2b e6 9e   ;f.j.}...]...+..
00b0  c8 73 a9 47 9e 69 b7 be e7 33 d1 35 17 eb 7a 93   .s.G.i...3.5..z.
00c0  ba 68 67 93 76 36 69 a7 d1 b9 7d d6 ea 2c 38 77   .hg.v6i...}..,8w
00d0  5b 39 be 95 a3 97 8b f0 9f 5c 0d 74 01 4a bb 45   [9.......\.t.J.E


--
-jp

Chuck Norris doesn't give Christmas presents. If you live to see Christmas, that is your Christmas present from Chuck.
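
The extraction asked about above can be done by post-processing a hex dump of the frame (the kind `tshark -x` prints). This is an added example, not part of the original post and not a tshark feature; the helper names `parse_hexdump` and `bytes_at` are hypothetical, and the sample input is two lines copied from the dump in the message.

```python
import re

# Frame bytes 0x0020-0x003f, copied from the hex dump in the message above.
SAMPLE_DUMP = """\
0020  0a c3 04 35 3e 82 05 20 6b 7d 4c 44 41 53 00 00   ...5>.. k}LDAS..
0030  4f 88 00 00 30 09 00 00 4f 88 01 8d a3 00 00 00   O...0...O.......
"""

# Offset column, whitespace, then at most 16 hex byte pairs.
# Capping at 16 pairs keeps the ASCII column out of the match even
# when it happens to start with hex-looking characters.
_LINE = re.compile(r"^([0-9a-fA-F]{4,8})\s+((?:[0-9a-fA-F]{2} ?){1,16})")


def parse_hexdump(text):
    """Return {absolute offset: byte value} for every byte in the dump."""
    data = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue  # summary lines, blank lines, anything not a dump row
        base = int(m.group(1), 16)
        for i, pair in enumerate(m.group(2).split()):
            data[base + i] = int(pair, 16)
    return data


def bytes_at(text, offset, length):
    """Hex string of `length` bytes starting at `offset` in the frame.

    Raises ValueError if any requested byte is missing from the dump,
    for example when the offset lies past the captured length.
    """
    data = parse_hexdump(text)
    wanted = range(offset, offset + length)
    missing = [o for o in wanted if o not in data]
    if missing:
        raise ValueError(f"offset 0x{missing[0]:04x} is not in the dump")
    return bytes(data[o] for o in wanted).hex()


if __name__ == "__main__":
    print(bytes_at(SAMPLE_DUMP, 0x30, 2))
```
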