Wireshark-users: Re: [Wireshark-users] how to extract data-text-lines
Date: Sat, 30 May 2009 12:43:38 -0400
I understand.

I found a work-around that some may find useful so I am posting it here.

I am using tshark with the -x argument so it prints in both hex and ASCII.

I then pipe the output through a little Perl script I wrote:

tshark -r file -x | ./myscript.pl

#!/usr/bin/perl

while ($line=<STDIN>) {

        chomp($line);
        @parts1=split("  ", $line);
        @parts2=split(" ", $parts1[1]);
        foreach $hvalue (@parts2) {
                if ($hvalue=~/^[0-9A-Za-z]{2}$/) {
                        print chr(hex $hvalue);
                }
        }
}



prints the ASCII content like a charm.

Cheers

On Sat  10:53 AM , j.snelders@xxxxxxxxxx sent:
> 
> On Fri, 29 May 2009 22:21:59 -0400 wireshark wrote
> 
> Hi Wireshark:)
> 
> >I would like to extract the HTML payload from a
> packet.>when I do a tshark -V on a captured file it shows
> all the details including>a section called:
> >
> >Line-based text data: text/html
> >that contains all that I need to
> extract.
> Line-based text data: text/html
> =>    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0
> Transitional//EN"\n=>    \t"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"&g
> t;\n
> => this is a Text item()
> 
> A Text item() is not a fieldname, so you can not filter on that.
> 
> >
> >however, when I do: tshark -T fields -e
> data-text-lines>
> >I only get back: Line-based text data:
> text/html>
> >What am I doing wrong ?
> 
> Maybe Wireshark can help a bit:
> Apply a display filter: data-text-lines
> 
> Expand only "Line-based text data" in Packet Details.
> 
> File -> Export -> File
> Packet Range: Displayed
> Packet Format: Packet Details -> As displayed
> 
> Save as plain text.
> 
> HTH
> Joan
> 
> 
> 
> 
> 
> 
>