mailing list archives
Re: Wireshark-users Digest, Vol 94, Issue 10
From: Mathias Koerber <mathias () koerber org>
Date: Mon, 24 Mar 2014 09:21:14 +0800
I'm trying to have tshark decode a number of packets I got from an
strace(1) output (params of write, read, recvfrom etc).
Thus they are not including any layers below UDP..
I am using Perl's String::Unescape and Data::Hexdumper to
convert them to a format similar to what od(1) would output, then
text2pcap -q -i 6 -u 10000,53
(as an example for a DNS packet) to make pcap input file
tshark -l -V -N t -r filename </dev/null >filename2 2>&1
to have tshark decode them.
However, that also decodes the dummy lower layers I had
text2pcap add to get a full packet.
1. Is there a way to not have to have text2cap add those
dummy layers (ie, can I tell tshark that all it will find
in the pcap file is UDP packet)?
2. Is there a way to have tshark only decode the UDP part
and print it in -V detail? I don't need the full dummy
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
mailto:wireshark-users-request () wireshark org?subject=unsubscribe
- Re: Wireshark-users Digest, Vol 94, Issue 10 Mathias Koerber (Mar 24)