Wireshark · Wireshark-users: Re: [Wireshark-users] Extracting files from pcap

Wireshark-users: Re: [Wireshark-users] Extracting files from pcap

From: Jim Balo <jimbalo22@xxxxxxxxx>

Date: Sun, 12 Oct 2008 12:41:56 -0700 (PDT)

Thanks for the reply.

I tried this, but Wireshark just hung when trying "Save All" (been sitting there for 30 minutes now. The pcap is small - only 90K). I'll try saving only select objects, etc. later and see if that works better. Have you been using it w/o problems?

If the file is transferred using HTTP, you could try File > Export >
Objects > HTTP.

On Sun, Oct 12, 2008 at 8:57 AM, Jim Balo <jimbalo22@xxxxxxxxx> wrote:
> Hi,
>
> I am trying to learn how to extract transferred files from pcap dumps.
>
> I have a pcap file with an http data transfer that is gzip-encoded
> ("Accept-encoding: gzip,deflate" in the http header).  I tried
selecting and
> exporting the data portion of the two packages that seemed to be part of
> this transfer and then concatenate them, but when I try to gunzip it, I
get
> "unexpected end of file."  Using Network Miner, the file decodes
just fine.
>
> I would like to learn how to do this using only Wireshark - does anyone
know

Follow-Ups:
- Re: [Wireshark-users] Extracting files from pcap
  - From: j . snelders

References:
- Re: [Wireshark-users] Extracting files from pcap
  - From: Abhik Sarkar

Prev by Date: Re: [Wireshark-users] Extracting files from pcap
Next by Date: Re: [Wireshark-users] Extracting files from pcap
Previous by thread: Re: [Wireshark-users] Extracting files from pcap
Next by thread: Re: [Wireshark-users] Extracting files from pcap
Index(es):
- Date
- Thread