Search code examples
wiresharkwireshark-dissector

wireshark display payload data in strange way

I am using wireshark for mac to capture packet on my mac. I could view payload data in data view pane. I hope to export selected column into a csv file so I right click on the data area and apply it as column. Here I get a wired output display; the data column just shown as the check mark. How could I make things right?enter image description here version stable 3.2.4

Solution

  • You can use tshark (Wireshark's CLI) to output the data component of packets like so:

    $ tshark -T fields -e data

    Data will be printed one item per line, so technically if you send this output to a file (>), this could be a valid CSV if there are no commas in the data.

    You may want to look at tshark's manpage.