
I am broadcasting UDP packets between 2 machines and listening to them on a third machine. I can see the packets in Wireshark and need an easy way to obtain the "Data" portion of the UDP packets. I have been able to dump the packet information to a file using tshark:

C:>tshark -V -R "udp" > C:/test.txt

However, this prints out everything in the packet, and I only want to print out the "Data" portion. Is there a way to do this?

Also, if there is a way to capture this in Python, that would be great as well. I have set up the following code:

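import socket

Host = "myip"  # placeholder for the IP address to bind to
Port = 5000
while True:
    # Create a UDP socket, bind it, read one datagram, then close it
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((Host, Port))
    data = sock.recv(4096)
    sock.close()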

When I implement this code using my "listening" PC, no data is received. When I implement this code using one of my two communicating PCs, I get "The requested address is not valid in its context".

Mind you, I see all the data being passed between the 2 PCs in Wireshark on my "listening" PC.

Thanks!

dc5553
mcfly

1 Answer


McFly,

If you want to do sniffing and display/parse packets in Python, Scapy is the way to go here. Just drop tshark as Scapy can automatically do 99% of what tshark can do out of the box.

dc5553
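Added example, not part of the question or answer above and not Scapy's own code: a standard-library sketch of what a sniffer does to isolate the "Data" portion, walking the Ethernet, IPv4 and UDP headers of one raw captured frame. The function names, addresses and source port are assumptions, and the sample frame is constructed; only port 5000 comes from the question.

```python
import struct

ETH_IPV4, ETH_VLAN, PROTO_UDP = 0x0800, 0x8100, 17

def udp_payload(frame: bytes):
    """Return (src_port, dst_port, data) for an Ethernet/IPv4/UDP frame, else None."""
    if len(frame) < 14:
        return None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset = 14
    if ethertype == ETH_VLAN:                      # skip a single 802.1Q tag
        if len(frame) < 18:
            return None
        ethertype = struct.unpack("!H", frame[16:18])[0]
        offset = 18
    if ethertype != ETH_IPV4 or len(frame) < offset + 20:
        return None
    ihl = (frame[offset] & 0x0F) * 4               # IPv4 header length (options vary it)
    if frame[offset] >> 4 != 4 or ihl < 20:
        return None
    frag = struct.unpack("!H", frame[offset + 6:offset + 8])[0]
    # Later IP fragments carry no UDP header, so they cannot be parsed here
    if frame[offset + 9] != PROTO_UDP or (frag & 0x1FFF):
        return None
    udp = offset + ihl
    if len(frame) < udp + 8:
        return None
    sport, dport, length, _cksum = struct.unpack("!HHHH", frame[udp:udp + 8])
    if length < 8:
        return None
    # The UDP length field, not the frame size, bounds the data:
    # short Ethernet frames are padded with trailing zero bytes.
    return sport, dport, frame[udp + 8:udp + length]

def build_sample_frame(data: bytes, sport=40000, dport=5000) -> bytes:
    """Constructed test frame (zero MACs and checksums, documentation IPs)."""
    eth = bytes(12) + struct.pack("!H", ETH_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(data), 0, 0, 64,
                     PROTO_UDP, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    udp = struct.pack("!HHHH", sport, dport, 8 + len(data), 0)
    return (eth + ip + udp + data).ljust(60, b"\x00")  # pad to Ethernet minimum

if __name__ == "__main__":
    print(udp_payload(build_sample_frame(b"hello")))
```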