You could try NetWitness Investigator, http://www.netwitness.com/products/investigator.aspx, as it is meant for app-level investigations. It is free. Take a look at YouTube; there are some nice intro videos up there.
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Simon Greifswald
Sent: Monday, September 27, 2010 10:49 AM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Extracting payload from ethernet dumps
Hello,
I have several gigabytes of dumped network traffic in files, and I need to
extract the payload from each packet. So, I want to discard all link layer,
internet layer, transport layer headers and only extract the udp packet's
payload in a new file.
If it were not so much data, I would use the Wireshark GUI's "Follow stream"
function, but sadly this is not an option since there are too many files to
parse. I would rather have a script do it for me. So what I need is a way
using tshark, tcpdump or so to strip the headers from the packets.
Does anyone know a tool which can be used to do this?
Thanks in advance,
Simon
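Added example, not part of either message: a pure-Python reader for classic pcap files that drops the Ethernet, IPv4 and UDP headers and yields each UDP payload, which is the header stripping the original question asks for. It assumes Ethernet link type and IPv4 (pcapng, IPv6 and fragment reassembly are not handled); the function names and the sample capture are constructed for illustration.

```python
import struct

def udp_payloads(pcap: bytes):
    """Yield the UDP payload of each Ethernet/IPv4/UDP packet in a classic pcap file."""
    magic = pcap[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):    # usec / nsec, little-endian
        endian = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):  # usec / nsec, big-endian
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    off = 24                                       # first record follows the global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        payload = strip_headers(pcap[off + 16:off + 16 + incl_len])
        off += 16 + incl_len
        if payload is not None:
            yield payload

def strip_headers(frame: bytes):
    """Return one frame's UDP payload (padding trimmed via UDP length), or None if not IPv4/UDP."""
    if len(frame) < 14:
        return None
    ethertype, l3 = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == 0x8100 and len(frame) >= 18:   # skip a single 802.1Q VLAN tag
        ethertype, l3 = struct.unpack("!H", frame[16:18])[0], 18
    if ethertype != 0x0800 or len(frame) < l3 + 20:
        return None
    ihl = (frame[l3] & 0x0F) * 4                   # IPv4 header length, options included
    frag_off = struct.unpack("!H", frame[l3 + 6:l3 + 8])[0] & 0x1FFF  # non-zero: later fragment
    l4 = l3 + ihl
    if frame[l3 + 9] != 17 or frag_off or ihl < 20 or len(frame) < l4 + 8:
        return None
    udp_len = struct.unpack("!H", frame[l4 + 4:l4 + 6])[0]
    return frame[l4 + 8:l4 + udp_len] if udp_len >= 8 else None

def build_sample_pcap() -> bytes:
    """Constructed sample: a padded UDP frame carrying b'hello' and an ICMP frame."""
    def frame(proto, l4):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
        return (b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + l4).ljust(60, b"\x00")
    udp = struct.pack("!HHHH", 5000, 5001, 8 + 5, 0) + b"hello"
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in (frame(17, udp), frame(1, b"\x08" + b"\x00" * 7)):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

For multi-gigabyte captures, read the file in record-sized chunks instead of loading it whole; the per-frame logic in `strip_headers` stays the same.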