I have an pcap file and the pcap file has a problem with protocol maybe overwritten or header missing.
But by using below tshark command I have gotten json file and inside the json I have a payload which is important for me.
tshark command: "$TSHARK_EXE" -r "$PCAP_FILE" --enable-protocol v2gtp -E header=y -E separator=, --hexdump all -T json >"$JSON_OUTPUT_FILE"
Here is the payload hex value,
"data.data": "01:fe:80:01:00:00:00:2b:80:9a:02:00:00:00:00:11:0b:7e:43:10:e0:00:40:80:30:01:02:84:a8:f8:08:18:56:99:80:00:06:0a:14:40:60:10:30:bd:75:02:03:87:81:70:00",
"data.len": "51"
So, if anyone knows that how to extract data by using this hex number then please help me.
Python would be better for me, but any solution will be appreciated.