Wireshark · Wireshark-users: Re: [Wireshark-users] How can I tell if there is a JPG image in my trace.

Wireshark-users: Re: [Wireshark-users] How can I tell if there is a JPG image in my trace.

From: "j.snelders" <j.snelders@xxxxxxxxxx>

Date: Thu, 24 Sep 2009 20:48:14 +0200

Hi Andrew,

Look for the file signatures:
http://www.garykessler.net/library/file_sigs.html

Open the capture file.
Go to Edit -> Find Packet
Select Hex value: FF D8 FF E0
Find


Open the capture file with a hex editor to extract the image:
HxD - Freeware Hex Editor and Disk Editor
http://mh-nexus.de/en/hxd/

Search -> Find 
Search for: FF D8 FF E0
Datatype: Hex-values
Write down the Offset

Next search for the trailer: FF D9
Datatype: Hex-values

Select the hex-values from  FF D8 FF E0  to  FF D9
Copy & paste and save this to a separate file.
Close the hex editor and open the file with a viewer.

HTH
Joan

>From: "Andrew Lee" <andrew@xxxxxxxxxxxxxxxxxxxxxxx>
Wed, 23 Sep 2009 10:52:55 +0100 Andrew Lee wrote:

>Hi 
>
>I have a trace file which I think contains a JPG image (the trace is NOT
>from an HTTP conversation). Is there a way to determine if the trace
>contains an image and can I extract out the image?
>
>Best regards
>
>Andrew

References:
- [Wireshark-users] How can I tell if there is a JPG image in my trace.
  - From: Andrew Lee

Prev by Date: [Wireshark-users] MacOS Install Problem
Next by Date: [Wireshark-users] Cookie Length Filter
Previous by thread: [Wireshark-users] How can I tell if there is a JPG image in my trace.
Next by thread: [Wireshark-users] decode as from some offset
Index(es):
- Date
- Thread