Wireshark : How to print the buffer you received in a packet in the terminal

+3 votes

I am doing an basic udp program and receiving the packet ,showing in the wireshark too ...I also want to print the buffer contents came in the packet ...How can i do it

posted Apr 14, 2014 by Sachidananda Sahu

I am assuming that you want to convert the pcap into text
check this
tshark -V -r input.pcap > output.txt.

Also try the following
open the trace in the lastest stable build of Wireshark (1.10.5 at the moment) and then select "Menu" -> "File" -> "Export Packet Dissections" -> "As Plain Text File". Select the packet range you want to see in your text file, e.g. packets 1-100 or so, and set the packet format to whatever you need. Most likely "Packet Details" or "Packet Summary line". Try both to see which one you need. (just explore the options)
No i am inside the source code of wireshark and want to take bytes of info to take different action.
I did not get you, you just want to print the buffer received in pcap...Can you please describe step by step what you have and what you tried and what is expected...:)
Suppose i send 3 byte buffer(11, 23, 45 ) using UDP and recieved in wireshark window and its showing the packet buffer too.

But i want to print the buffer in to the terminal from the wireshark source code ....  so that each time it receives it will print in the terminal.
I doubt if it is possible to provide a pop-up or something similar to display the buffer.

Though you can print the buffer after pcap_open_live function check this link where it is printing the buffer on the screen
To give more clarity on question every time wireshark receives a packet it receives in TVB ( Testy Virtual Buffer) and we have to access it.
Sachi: I am not debating on TVB part what I am saying that the link has one program which picks up the buffer from the wire and print on the sceen which is exactly you want. Take that as a reference and try to integrate in your requirement. I hope I understood the problem correctly.

1 Answer

0 votes

tvb buffer will have the exact content of packet. If you try print that you will get your data,as per my knowledge.

answer Nov 20, 2015 by Manohar
