Ethereal-users: [Ethereal-users] Dumping data of a specific protocol

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Loïc Minier <lool+ethereal@xxxxxxxxxx>
Date: Sun, 3 Aug 2003 11:30:09 +0200
     Hello list,

 I would like to save data packets of a specific protocol layer in
 real time to files.
   I thought using tethereal with the -V and -x options would permit
 another program to filter it's output but the output is different in
 the case of a fragmented packet and in the case of a single
 non-fragmented packet.

 To give a precise exmaple, my protocol stack is something like
 (parenthesis show the type of the packets I'm interested in):
   MMSE (m-send-req)
   WSP  (post)
   WTP
   UDP
   IP

   Sometimes, the WSP packet is too big to fit in a single WTP packet,
 so the WTP dissector reassembles the WTP and it's dissected by the WSP
 dissector. In tethereal's output, this gives:

    Frame xx

    <hex data>

    MMSE
      type m-send-req
      ...
    WSP
      url
      ...

    *Reassembled WTP:*

    hex data


   I'm interested in the Reassembled WTP part, however I'd like to get
 this dump for all WSP packets, also for those that fit in a single WTP
 packet.

 Is this possible in a way with current (t)ethereal?
   If not, is it something someone could be interested in - besides me -
 (read: should it be ugly hacked or nicely coded for all protocols)?


 Another problem I get is that I'd like to limit the output of tethereal
 with m-send-req's to a customizable address. It's easy to achieve with
 a read filter like « mmse.to eq \"john.doe@domain\" », but this seems
 obly possible when using capture files instead of real time listening.


    Any thoughts appreciated,

     Best regards,

-- 
Loïc Minier <lool@xxxxxxxx>