Ethereal-users: Re: [Ethereal-users] HTTP Content Extraction by sniffing?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Scott Renfro <scott@xxxxxxxxxx>
Date: Tue, 21 Aug 2001 10:19:30 -0700
On Tue, Aug 21, 2001 at 04:21:17PM +0100, Bradley Schatz wrote:
> 
> Is there a method of scripting Ethereal so that it might look into the
> HTTP header of requests, then create a file on the filesystem with the
> name of the resource, and dump the response body into the file?
> 
> Ethereal works great for web application debugging, but I sometimes find
> myself needing to catch all HTTP traffic to a site, in a volume that
> exceeds my mousing ability.

No, there's not.  I had a somewhat similar need a few months ago and
wrote some utilities on top of libnids that you may be able to use with
some modification.

There's a patch to libnids to read from stored capture files, a program
to extract reassembled TCP streams (so that packets from different
streams are not interlaced in the output), and a post-processing perl
script that extracts paragraphs of HTTP headers from the payloads.  You
should be able to get away with just modifying the perl script.

You can find it at http://www.renfro.org/scott under
extract_tcp_payloads.  It's been tested on FreeBSD, but should work fine
on other platforms to which libpcap and libnids have been ported.

cheers,
--Scott

-- 
Scott Renfro <scott@xxxxxxxxxx>                          +1 650 862 4206
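
Added example, not part of the original message and not the extract_tcp_payloads code: a Python sketch of the post-processing step discussed above, pairing each request with its response and writing the response body to a file named after the requested resource. It assumes both directions of one connection are already reassembled into byte strings and that bodies use Content-Length framing; the function names and sample data are constructed for illustration.

```python
import os
import re
import tempfile

# Constructed sample: the two directions of one reassembled HTTP/1.1 connection.
CLIENT = (b"GET /images/logo.gif HTTP/1.1\r\nHost: example.test\r\n\r\n"
          b"GET /../../etc/passwd?x=1 HTTP/1.1\r\nHost: example.test\r\n\r\n")
SERVER = (b"HTTP/1.1 200 OK\r\nContent-Length: 6\r\n\r\nGIF89a"
          b"HTTP/1.1 404 Not Found\r\nContent-Length: 9\r\n\r\nnot found")

def split_messages(stream):
    """Yield (start_line, headers, body) per message; Content-Length framing only."""
    pos = 0
    while (end := stream.find(b"\r\n\r\n", pos)) >= 0:
        lines = stream[pos:end].decode("latin-1").split("\r\n")
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        length = headers.get("content-length", "0")
        length = int(length) if length.isdigit() else 0
        pos = end + 4 + length
        yield lines[0], headers, stream[end + 4:pos]

def safe_name(target):
    """Reduce a request target to a bare file name; the target is untrusted input."""
    base = target.split("?", 1)[0].rsplit("/", 1)[-1]
    base = re.sub(r"[^A-Za-z0-9._-]", "_", base).lstrip(".")
    return base or "index"

def extract(client, server, outdir):
    """Pair requests with responses in order and write each body to outdir."""
    written = []
    pairs = zip(split_messages(client), split_messages(server))
    for n, (req, resp) in enumerate(pairs):
        parts = req[0].split(" ")
        if len(parts) < 2:
            continue  # not a parseable request line
        # Sequence prefix keeps repeated resource names from overwriting each other.
        name = f"{n:04d}_{safe_name(parts[1])}"
        with open(os.path.join(outdir, name), "wb") as fh:
            fh.write(resp[2])
        written.append(name)
    return written

if __name__ == "__main__":
    outdir = tempfile.mkdtemp(prefix="http_bodies_")
    print(outdir, extract(CLIENT, SERVER, outdir))
```

The file name is derived from captured traffic, so `safe_name` drops directory components and leading dots before anything is written; the second sample request shows why.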