
Wireshark-users: Re: [Wireshark-users] Showing UDP payload in Packet List?

From: wsgd <wsgd@xxxxxxx>
Date: Fri, 03 Apr 2009 21:42:05 +0200
Hello,

I do not know if what you ask is possible.


But perhaps I have a "solution" if:
- using Wireshark 1.0.x
- using Wireshark on Windows
- there is no zero inside your ASCII data (or you do not care about what is after)


Download the dll from http://wsgd.free.fr and put it inside <wireshark dir>/plugins/<version>

Also put the attached file in the same directory.
Put the correct port value on the PARENT_SUBFIELD_VALUES line.

Let's go.
The ASCII data will appear:
- in the Info column
- inside [ ]



Olivier


Hopson, John wrote:

I have a logger that emits simple UDP packets with an ASCII payload (no decode needed). I would like to use Wireshark as a log viewer, but I'm struggling with displaying the UDP payload as a column in the Packet List. The UDP filter fields only seem to include header elements.

FYI - The data appears correctly in the Packet Bytes pane, it's just cumbersome to view log messages that way.

Thanks in advance.

John Hopson



--
Wireshark Generic Dissector http://wsgd.free.fr

# Debug global flag
# DEBUG

# Protocol's names.
PROTONAME         ascii_basic_only Protocol
PROTOSHORTNAME    ascii_basic_only
PROTOABBREV       ascii_basic_only

# Specify when the dissector is used.
# PARENT_SUBFIELD          tcp.port
# PARENT_SUBFIELD_VALUES   80
PARENT_SUBFIELD          udp.port
PARENT_SUBFIELD_VALUES   25000


PACKET_CONTAINS_ONLY_1_MSG         no
PACKET_CONTAINS_ONLY_COMPLETE_MSG  yes


# The packet must begin with the header.
# It must contain MSG_ID_FIELD_NAME and any MSG_SUMMARY_SUBSIDIARY_FIELD_NAMES.
MSG_HEADER_TYPE       PDU_Header

# Field used to identify the message type.
# Must be part of MSG_HEADER_TYPE.
MSG_ID_FIELD_NAME                PDU_Type

# Optional fields displayed on the 1st line.
# Must be part of MSG_HEADER_TYPE.
# MSG_SUMMARY_SUBSIDIARY_FIELD_NAMES    length


# The main packet type.
# Must contain the header.
MSG_MAIN_TYPE      PDU_Header


# Definitions of the packet structure.
PROTO_TYPE_DEFINITIONS

# Debug flag only for interpreting the types
# DEBUG

struct PDU_Header
{
  string    PDU_Type;
  # If there is a new line in the ASCII data.
#  string_nl    PDU_Type;
}
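
Added example (not part of the original message and not wsgd code): a Python sketch that produces the same view offline from a capture file, printing each UDP payload on port 25000 inside [ ] and cutting it at the first zero byte, which is the caveat given in the message. It assumes a classic pcap file with Ethernet framing and unfragmented IPv4; the function names and the sample capture are constructed for illustration.

```python
import struct

PORT = 25000  # same value as PARENT_SUBFIELD_VALUES in the attached config

def udp_ascii_lines(pcap, port=PORT):
    """Yield (timestamp, text) for each IPv4/UDP datagram on `port` in a classic pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or len(pcap) < 24:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    off = 24
    while off + 16 <= len(pcap):
        sec, usec, incl, _ = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 42 or frame[12:14] != b"\x08\x00":
            continue                      # too short or not IPv4
        if frame[14] >> 4 != 4 or frame[23] != 17:
            continue                      # not IP version 4 or not UDP
        udp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(udp) < 8:
            continue
        sport, dport, ulen = struct.unpack("!HHH", udp[:6])
        if port not in (sport, dport):
            continue
        payload = udp[8:ulen]             # UDP length trims Ethernet padding
        # Stop at the first zero byte, as in the caveat from the message.
        text = payload.split(b"\x00", 1)[0].decode("ascii", "replace")
        yield sec + usec / 1e6, text

def sample_pcap():
    """Constructed capture: two log datagrams to port 25000 and one to port 53."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    msgs = [(25000, b"boot ok"), (25000, b"temp=41\x00stale"), (53, b"ignored")]
    for i, (dport, data) in enumerate(msgs):
        udp = struct.pack("!HHHH", 40000, dport, 8 + len(data), 0) + data
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17,
                         0, b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")
        frame = bytes(12) + b"\x08\x00" + ip + udp   # checksums left at zero
        out += struct.pack("<IIII", 100 + i, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for ts, text in udp_ascii_lines(sample_pcap()):
        print(f"{ts:.6f} [{text}]")
```

The second sample datagram shows the truncation: everything after the zero byte is dropped from the displayed line.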