On May 13, 2008, at 12:16 PM, vijaya n wrote:
I am not that familiar with the filters of wireshark while capturing  
and displaying.
I went through the filters section of the documents page. All the  
filters mentioned in the help sections are present for selective  
acceptance of the packet based on filters and doing a selective  
display. Once the packet successfully goes through the filter, the  
entire packet with all the headers are stored in the capture file.
Yes.  That's what the filters are intended to do.
My requirement is once the packet clears the filter [ say ip =  
11:22:33:44 ],can  wireshark rip all the protocol headers and store  
only the payload/data part of an udp packet while storing it to a  
file?
I donot want wire shark to store the entire packets. I want it to  
capture in a file only the data part of a udp packet. Is this doable  
through the filters and dissectors part of wireshark or tcpdump?
No.  That is not what the filters are intended to do.
You could try using the "Follow UDP Stream" mechanism and saving the  
result.  That will just concatenate the UDP packet payloads, with no  
separation between them, so you will lose UDP packet boundaries if you  
do this!
There is no provision in libpcap format for a capture that has UDP  
packets, each one of which is in a separate record, with time stamps.