Loic Minier wrote:
> I would like to save data packets of a specific protocol layer in
> real time to files.
> I thought using tethereal with the -V and -x options would permit
> another program to filter it's output but the output is different in
> the case of a fragmented packet and in the case of a single
> non-fragmented packet.
> I'm interested in the Reassembled WTP part, however I'd like to get
> this dump for all WSP packets, also for those that fit in a single WTP
> packet.
>
> Is this possible in a way with current (t)ethereal?
> If not, is it something someone could be interested in - besides me -
> (read: should it be ugly hacked or nicely coded for all protocols)?
I don't think you can get it without modifying the source code.
I had a similar need for e.g. TPKT (with H.245/H.225) and a while ago and as a temporar solution I added e.g. a add_new_data_source(pinfo,my_tvb,"TPKT-DATA") in the TPKT dissector when I built my own version of Ethereal/Tethereal. That way I could get the complete/reassembled TPKT packets in the Tethereal/Ethereal printout and then I could use a separate program to extract the TPKT data from the printout and convert it into the format I needed it.
I think it would be good to have a feature to dump the complete/reassembled PDUs somehow for different protocols.