Wireshark-users: Re: [Wireshark-users] export all ascii data from multiple streams to one text fi
On Thu, 2011-03-17 at 14:20 +0200, Coert Waagmeester wrote:
> Hello all.
>
> I have done a sniff of 29 computers using a service that is
> predominantly plain text.
>
> In wireshark I have the display filter set to only the 'plaintext' port.
> There are 29 seperate streams which I can export seperately.
> But I would like to export all ASCII data from all the displayed packets
> into a text file.
>
> How can I do that?
>
>
> Kind regards,
> Coert Waagmeester
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
If I recall correctly you can use tshark to read the capture file and
output the stream(s) in ascii to a file.
I don't have all of the switches but e.g. if you want to display all
traffic from client IP 192.168.0.1 you would run the following using -x
to dump it out in hex && ascii:
tshark -x -R "ip.addr == 192.168.0.1" -r /tmp/capture.cap > output.txt
I found and tested this example by running a quick google search. I hope
it helps.
Cheers-
David
