Read or export ASCII of packet payload / data pane in Wireshark?

3

I am trying to reverse engineer a protocol in Wireshark, and I'm not that familiar with Wireshark. I have found some of the packets that I want, and I can see the XML data in the Data View pane. I would like to get it out of there so I can clean it up and read it and start figuring out what is required to use it elsewhere.

Are the dots after every character a part of Wireshark, or a part of the protocol I am looking at? I am presuming Wireshark, so part of the reason I want the data out of Wireshark is to clean up the data.

What can I do to accomplish this goal?

I finally figured out how to multi select packets (CTRL + M), which is ridiculously tedious, but worked because I have a small set of packets to work with.

Printing them does not give me what I want, and exporting doesn't seem to do what I want. Of course, it's entirely possible I am screwing up those operations because of n00bishness.

Update

I found this article that explains how the feature was purposefully obfuscated. Well, I have found it anyways, but now I'm just getting a representation of what I saw in the data pane. I would like to just get the ASCII that is there. Is there some way in Wireshark to output this? It would be nice to mash up some packets and get their reassembled payload, like the receiver would send to the application server.

See below for graphic (courtesy of this question on Stack Overflow):

enter image description here

YetAnotherRandomUser

Posted 2017-03-13T15:34:08.393

Reputation: 1 494

You can use the Lua language to extend Wireshark - https://wiki.wireshark.org/Lua/Examples, here is an example: https://delog.wordpress.com/2010/09/27/create-a-wireshark-dissector-in-lua/ – HelpingHand – 2017-03-13T18:13:53.827

Yeah.... I was hoping for standard GUI functions... you know, like copy and paste. – YetAnotherRandomUser – 2017-03-13T19:06:43.157

Are you able to export a few frames with this data to a .pcap file and host it for people to try? – HelpingHand – 2017-03-13T20:35:22.757

Asking for sample data at this stage, for this beginner-level of a topic is weird, unnatural, and out of context, just like your recommendation to use a programming language to make some code for a program that should have some sort of copy/paste or export functionality. FYI. – YetAnotherRandomUser – 2017-03-14T11:56:16.293

Without seeing the data in context it's hard to say, but can you just do this: http://imgur.com/a/HT31s – HelpingHand – 2017-03-14T12:48:34.333

That's exactly and precisely what I was looking for. I told you I had a n00b question. But I won't get back to this till tomorrow, lol – YetAnotherRandomUser – 2017-03-14T12:59:30.213

Answers

0

The field data.text will display the data in ASCII.

You can also select any field in the Packet Details window, right-click and choose "Apply as column".

WallStProg

Posted 2017-03-13T15:34:08.393

Reputation: 21
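An added example, not part of the original question or answers: Wireshark's bytes pane draws every non-printable byte as ".", so a dot after each character is what 0x00 padding in UTF-16LE text looks like. The sketch below assumes that encoding and assumes the payloads were exported as one hex string per packet (for instance the data.data field); the sample XML and all function names are constructed for illustration.

```python
"""Rebuild readable text from per-packet payload hex exported from a capture."""

HEX_DIGITS = set("0123456789abcdefABCDEF")

def parse_hex_lines(lines):
    """Convert hex strings (colons or spaces allowed) to bytes, one chunk per packet."""
    chunks = []
    for line in lines:
        cleaned = "".join(ch for ch in line if ch in HEX_DIGITS)
        if cleaned:
            chunks.append(bytes.fromhex(cleaned))
    return chunks

def wireshark_ascii(data):
    """Mimic the bytes pane: printable ASCII as-is, every other byte as '.'."""
    return "".join(chr(b) if 0x20 <= b <= 0x7E else "." for b in data)

def looks_utf16le(data):
    """Heuristic: odd offsets are mostly 0x00 while even offsets mostly are not."""
    if len(data) < 4:
        return False
    even, odd = data[0::2], data[1::2]
    return odd.count(0) >= 0.8 * len(odd) and even.count(0) <= 0.2 * len(even)

def payload_text(lines):
    """Join packets first, then decode, so a character split across packets survives."""
    data = b"".join(parse_hex_lines(lines))
    if data[:2] == b"\xff\xfe":            # UTF-16LE byte order mark
        return data[2:].decode("utf-16-le", errors="replace")
    if looks_utf16le(data):
        return data.decode("utf-16-le", errors="replace")
    return data.decode("utf-8", errors="replace")

# Constructed sample: one XML message split mid-character across two packets.
SAMPLE_XML = '<msg id="1">hi</msg>'
RAW = SAMPLE_XML.encode("utf-16-le")
SAMPLE_LINES = [
    ":".join(f"{b:02x}" for b in RAW[:7]),  # colon-separated, as some exports emit
    RAW[7:].hex(),                          # plain hex
]

if __name__ == "__main__":
    print("bytes pane view:", wireshark_ascii(RAW))
    print("decoded text   :", payload_text(SAMPLE_LINES))
```

If the decoded text still shows replacement characters, the payload is probably not UTF-16LE and the dots are other non-printable bytes, so check the protocol's framing before cleaning further.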