Revision history [back]
Here is two variants how you can extract udp payload:
fastest method, using gstreamer:
gst-launch-1.0 -v filesrc location="dump.pcap" ! \ pcapparse dst-ip=239.1.10.6 dst-port=1234 ! \ filesink location="udp_payload.ts"
Notes:
- pcapparse not understand _pcapng_ file format, if you have such file you can convert it in Wireshark or with mergecap:
mergecap -F pcap -w dump.pcap in.pcapng
; - pcapparse can filter packets with
src-ip
,src-port
,dst-ip
,dst-port
in any combination. To see available conversations in dump run the next:tshark -nq -r dump.pcap -z conv,udp
.
- pcapparse not understand _pcapng_ file format, if you have such file you can convert it in Wireshark or with mergecap:
slightly slower method (but still fast relative to Wireshark's follow+export), using tshark and xxd tools:
tshark -r "dump.pcap" -z follow,udp,raw,0 -q | grep -Ev '^(Follow|Filter|Node [01]): ' | grep -Ev '^={60,80}$' | xxd -r -p >"udp_payload.ts"
Notes:
- In the example above, tshark filters packets by "stream-index", the first one;
- You can select packets more explicitly by setting a filter with the following pattern:
follow,udp,raw,<src-ip>:<src-port>,<dst-ip>:<dst-port>
;
Both methods work with MPEG TS and any other payload.
Here is two variants how you can extract udp payload:
fastest method, using gstreamer:
gst-launch-1.0 -v filesrc location="dump.pcap" ! \ pcapparse dst-ip=239.1.10.6 dst-port=1234 ! \ filesink location="udp_payload.ts"
Notes:
- pcapparse not understand _pcapng_ file format, if you have such file you can convert it in Wireshark or with mergecap:
mergecap -F pcap -w dump.pcap in.pcapng
; - pcapparse can filter packets with
src-ip
,src-port
,dst-ip
,dst-port
in any combination. To see available conversations in dump run the next:tshark -nq -r dump.pcap -z conv,udp
.
- pcapparse not understand _pcapng_ file format, if you have such file you can convert it in Wireshark or with mergecap:
slightly slower method (but still fast relative to Wireshark's follow+export), using tshark and xxd tools:
tshark -r "dump.pcap" -z follow,udp,raw,0 -q | grep -Ev '^(Follow|Filter|Node [01]): ' | grep -Ev '^={60,80}$' | xxd -r -p >"udp_payload.ts"
Notes:
- In the example above, tshark filters packets by
"stream-index",_"stream-index"_, the first one; - You can select packets more explicitly by setting a filter with the following pattern:
follow,udp,raw,<src-ip>:<src-port>,<dst-ip>:<dst-port>
;
- In the example above, tshark filters packets by
Both methods work with MPEG TS and any other payload.
Here is two variants how you can extract udp payload:
fastest method, using gstreamer:
gst-launch-1.0 -v filesrc location="dump.pcap" ! \ pcapparse dst-ip=239.1.10.6 dst-port=1234 ! \ filesink location="udp_payload.ts"
Notes:
- pcapparse not understand _pcapng_ file format, if you have such file you can convert it in Wireshark or with mergecap:
mergecap -F pcap -w dump.pcap in.pcapng
; - pcapparse can filter packets with
src-ip
,src-port
,dst-ip
,dst-port
in any combination. To see available conversations in dump run the next:tshark -nq -r dump.pcap -z conv,udp
.
- pcapparse not understand _pcapng_ file format, if you have such file you can convert it in Wireshark or with mergecap:
slightly slower method (but still fast relative to Wireshark's
follow+export),expert), using tshark and xxd tools:tshark -r "dump.pcap" -z follow,udp,raw,0 -q | grep -Ev '^(Follow|Filter|Node [01]): ' | grep -Ev '^={60,80}$' | xxd -r -p >"udp_payload.ts"
Notes:
- In the example above, tshark filters packets by _"stream-index"_, the first one;
- You can select packets more explicitly by setting a filter with the following pattern:
follow,udp,raw,<src-ip>:<src-port>,<dst-ip>:<dst-port>
;
Both methods work with MPEG TS and any other payload.
Here is two variants how you can extract udp payload:
fastest method, using gstreamer:
gst-launch-1.0 -v filesrc location="dump.pcap" ! \ pcapparse dst-ip=239.1.10.6 dst-port=1234 ! \ filesink location="udp_payload.ts"
Notes:
- pcapparse not understand _pcapng_ file format, if you have such file you can convert it in Wireshark or with mergecap:
mergecap -F pcap -w dump.pcap in.pcapng
; - pcapparse can filter packets with
src-ip
,src-port
,dst-ip
,dst-port
in any combination. To see available conversations in dump run the next:tshark -nq -r dump.pcap -z conv,udp
.
- pcapparse not understand _pcapng_ file format, if you have such file you can convert it in Wireshark or with mergecap:
slightlyslower method (but still fast relative to Wireshark's expert), using tshark and xxd tools:tshark -r "dump.pcap" -z follow,udp,raw,0 -q | grep -Ev '^(Follow|Filter|Node [01]): ' | grep -Ev '^={60,80}$' | xxd -r -p >"udp_payload.ts"
Notes:
- In the example above, tshark filters packets by _"stream-index"_, the first one;
- You can select packets more explicitly by setting a filter with the following pattern:
follow,udp,raw,<src-ip>:<src-port>,<dst-ip>:<dst-port>
;
Both methods work with MPEG TS and any other payload.
Here is two variants how you can extract udp payload:
fastest method, using gstreamer:
gst-launch-1.0 -v filesrc location="dump.pcap" !\pcapparse dst-ip=239.1.10.6 dst-port=1234 !\filesinklocation="udp_payload.ts"location="udp_payload.ts"Notes:
_Notes_:
- pcapparse not understand _pcapng_ file format, if you have such file you can convert it in Wireshark or with mergecap:
mergecap -F pcap -w dump.pcap in.pcapng
; - pcapparse can filter packets with
src-ip
,src-port
,dst-ip
,dst-port
in any combination. To see available conversations in dump run the next:tshark -nq -r dump.pcap -z conv,udp
.
- pcapparse not understand _pcapng_ file format, if you have such file you can convert it in Wireshark or with mergecap:
slower method (but still fast relative to Wireshark's expert), using tshark and xxd tools:
tshark -r "dump.pcap" -z follow,udp,raw,0 -q | grep -Ev '^(Follow|Filter|Node [01]): ' | grep -Ev '^={60,80}$' | xxd -r -p>"udp_payload.ts">"udp_payload.ts"
Both methods work with MPEG TS and any other payload.