Wireshark-dev: [Wireshark-dev] Save the bytes of a particular field from all the displayed pack
Excuse the double post here and on "wireshark-users",
the question span over the two topic...
Hi to all,
my question is general but I'll use my particular
case to explain it.
I would like to save a particular portion of an "H223
over TCP" capture file.
Imagine you develop a display filter like this:
ip.src == 192.168.0.11 && h223.mux.vc ==1 (H.223 virtual circuit: 1)
In this way I filtered the packets from one terminal to another
(ip.src == 192.168.0.11) and with h223.mux.vc ==1
Now, in the Wireshark's top pane, I can select a single
packet (all the displayed packets now are those with h223.mux.vc ==1).
For this packet, in the Wireshark's middle pane, I can highlight
the field "H.223 virtual circuit: 1" by clicking on it.
In this way, in the Wireshark's bottom pane, the bytes of interest
are automatically highlighted.
I can right click on the highlighted bytes field in the bottom
pane and do "Export Selected Packet Bytes...".
I need to do that over all the packets and append all the
bytes extracted from all the "H.223 virtual circuit: 1"
fields in a single file. Is this possible to do in some way?
(The goal is to demultiplex and save the audio and video
stream multiplexed in the h223 stream.)
Is possible to do such operation or I have to modify
the h223 dissector source code with an "fwrite" in the point where
"H.223 virtual circuit: x" is added to the Wireshark middle pane?
If i need to modify the source code is there anyone who could give me
some suggestion?
I already read the following discussion but seems that there isn't
a general solution:
http://thread.gmane.org/gmane.network.wireshark.user/928/focus=928
Thanks in advance,
Fabio
--
Email.it, the professional e-mail, gratis per te: http://www.email.it/f
Sponsor:
Scopri la tradizione del buon vino, offerta di benvenuto con regalo
Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=3926&d=7-2