How to extract raw data from TCP packets using Wireshark

Question

Completely new to Wireshark and wondering how to extract the data from the TCP packets which I receive on wireshark.

I am currently using a raspberry pi with grove sensors and getting the values of pressure and temperature. I am sending these values to a server in cloud and it is working. I am using wireshark to trace the packets.

Now I want to extract the data (i.e the pressure value and temperature value) from the packets and store them in a file for further implementation. Is there a way to do it? If yes, then can anyone please explain? It will be helpful.

Thanks.

Answer 1

Most convenient way is saving whole TCP stream into file. Right click on any TCP packet of desired stream, choose "Follow -> TCP stream" and you will see window for managing stream data. You can choose, which data to save (one-direction, or both), which format will be used for output and so on. Check pict below:

The other way is saving data from any packet individually. Since you aren't interested in whole packet, you can select only payload part. Check picture below, where I selected HTTP part of the packet (I marked field with red arrow for clearance). In your case, it will be some field with raw data. Once highlighted the right field, right click on it, choose "copy" and select desired format. Data will be placed into buffer, so you need to paste it into some application. If raw binary is chosen for format, you need application capable of pasting binary data. I use frhed for this task.