Ranter
Join devRant
Do all the things like
				++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
				Sign Up
			Pipeless API
 
				From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
				Learn More
			Comments
		- 
				
				Here's the post:
 https://osqa-ask.wireshark.org/ques...
 
 In case you ever need to export stuff from a wireshark capture
 Also works with custom fields and columns, quite neat
- 
				
				yupp, I do that too. OPs tend to get upset for necroposting, but IDC - that single necropost might save someone from the struggle I had
- 
				
				Where does this whole necroposting thing even come from?
 
 I know it is a thing since ever, but i never understood, why replying to old stuff is bad. And it can't only be database performance related.
- 
				
				
- 
				
				Just a hint...
 
 JSON export format (see tshark manpage) might be easier.
 
 Though you have to be a tad careful to take an iterative approach in parsing depending on how much you stuffed into it.
 
 It comes in very handy if you want to build a siphon, as in filtering sth specific out of a tcp stream.
 
 You just filter the necessary JSON objects, create a newline delimited JSON file so you can easily append JSON object to a file without keeping stuff in memory and then you have at least one migraine less.
 
 Especially useful if you need multiple fields (-e).
 
 https://tshark.dev/capture/tshark/
 
 Capture filters / View filters are preferred of course, but anything raw like a packet stream / payload / etc. needs to be done manually.
- 
				
				@IntrusionCM I do know about the JSON, but I was trying to get 1.5 GB raw binary data out so I wanted as little overhead as possible
 
 I then converted the text file with the values printed in hex into a regular binary like the answer mentions
- 
				
				I've done that so many times on Stackoverflow just because of the amount of time I ran into these stupid motherfuckers not writing their solution.
 
 The highest upvote count I got from answering my own question is about 80. I saved plenty of lives ðŸ˜








I was looking around to do some stuff with wireshark and I stumbled across a forum question from a 2012 in which someone actually replied with the people from the future in mind.
God bless you shearn89 🫡
Youre a real one
And to those that reply "I found the solution thx" and don't post it: eat a dick
rant