First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

export to csv for more than 24 bytes data

  • retag add tags

Dear Sirs,

I exported the 32 bytes received data (UDP) into csv format. Only 24 bytes data frame is correctly exported to csv format but rest of 8 bytes are trashed. And I noticed that data shown in packet list window is also 24 bytes and following 8 bytes are collapsed and displayed as "...". Does anyone know how to export more than 24 bytes data into csv format ?

Best regards, Goma Fusa

goma_fusa's avatar
1
goma_fusa
asked 2019-12-12 07:12:57 +0000
edit flag offensive 0 remove flag close merge delete

Comments

What is the field name being exported that contains the UDP data?

Chuckc's avatar Chuckc (2019-12-12 13:24:04 +0000) edit
more
  • delete

Hello

Field name is data.data of Custom. Thank you in advance

Best regards

goma_fusa's avatar goma_fusa (2019-12-12 13:45:42 +0000) edit
more
  • delete

Still looking at GUI. Here's an example with tshark:

$ tshark --disable-protocol dns -r ./dns-ptr.pcapng -T fields -e data.data | head -2
2fc901000001000000000000033231390236370232320331393507696e2d61646472046172706100000c0001
48c8010000010000000000000332303703313530013602323407696e2d61646472046172706100000c0001
Chuckc's avatar Chuckc (2019-12-12 15:08:44 +0000) edit
more
  • delete

What version of Wireshark?

grahamb's avatar grahamb (2019-12-12 15:12:51 +0000) edit
more
  • delete

my version is 3.0.7

goma_fusa's avatar goma_fusa (2019-12-12 20:40:00 +0000) edit
more
  • delete
add a comment see more comments

1 Answer

0

It's hard coded to a max of 48 characters.

/* Max string length for displaying byte string.  */
#define MAX_BYTE_STR_LEN        48


That's 16 bytes if a space is between each hex byte or 24 bytes with no spacer as in data.data.
tshark might be the best method.

Chuckc's avatar
3k
Chuckc
answered 2019-12-12 15:34:36 +0000
edit flag offensive 0 remove flag delete link
more

Comments

$ tshark --disable-protocol dns -r ./dns-ptr.pcapng -T fields -Eheader=y -Eseparator="," -Equote=d -e frame.number -e data.data
frame.number,data.data
"1","2fc901000001000000000000033231390236370232320331393507696e2d61646472046172706100000c0001"
"2","48c8010000010000000000000332303703313530013602323407696e2d61646472046172706100000c0001"

Info on all tsharkoptions here: https://www.wireshark.org/docs/man-pa...

Chuckc's avatar Chuckc (2019-12-12 15:56:51 +0000) edit
more
  • delete

Now I solved the issue by tshark based on your answers. Many thanks for your support !!

goma_fusa's avatar goma_fusa (2019-12-12 20:38:22 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer