Anyone reading the last few weeks of postings should be detecting a recurring theme...people want to extract images and audio with the correct file headers and names from packet streams that may or may not be contiguous.
Sounds like a big task. Frank > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Still Life > Sent: Wednesday, February 07, 2007 10:53 AM > To: wireshark-users@wireshark.org > Subject: [Wireshark-users] Save the bytes of a particular > field from all the displayed packets in one file > > > Hi to all, > my question is general but I'll use my particular > case to explain it. > I would like to save a particular portion of an "H223 > over TCP" capture file. > Imagine you develop a display filter like this: > ip.src == 192.168.0.11 && h223.mux.vc ==1 (H.223 virtual circuit: 1) > In this way I filtered the packets from one terminal to another > (ip.src == 192.168.0.11) and with h223.mux.vc ==1 > Now, in the Wireshark's top pane, I can select a single > packet (all the displayed packets now are those with h223.mux.vc ==1). > For this packet, in the Wireshark's middle pane, I can highlight > the field "H.223 virtual circuit: 1" by clicking on it. > In this way, in the Wireshark's bottom pane, the bytes of interest > are automatically highlighted. > I can right click on the highlighted bytes field in the bottom > pane and do "Export Selected Packet Bytes...". > > I need to do that over all the packets and append all the > bytes extracted from all the "H.223 virtual circuit: 1" > fields in a single file. Is this possible to do in some way? > > (The goal is to demultiplex and save the audio and video > stream multiplexed in the h223 stream.) > > Is possible to do such operation or I have to modify > the h223 dissector source code with an "fwrite" in the point where > "H.223 virtual circuit: x" is added to the Wireshark middle pane? > > I already read the following discussion but seems that there isn't > a general solution: > http://thread.gmane.org/gmane.network.wireshark.user/928/focus=928 > > Thanks in advance, > Fabio > > > -- > Email.it, the professional e-mail, gratis per te: > http://www.email.it/f > > Sponsor: > Refill s.r.l. - Cartucce compatibili e kit di ricarica per > tutti i modelli di stampante. Acquista al telefono o online: > consegna in tutta Italia in 48 ore! > Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=5190&d=7-2 > _______________________________________________ > Wireshark-users mailing list > Wireshark-users@wireshark.org > http://www.wireshark.org/mailman/listinfo/wireshark-users > _______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users