Ethereal-users: Re: [Ethereal-users] Help with combining packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <guy@xxxxxxxxxx>
Date: Fri, 26 Oct 2001 13:08:44 -0700 (PDT)
> I just loaded Ethereal and love how it works.  Is there a way that I
> can combine the packets back into the file that was downloaded? (i.e. 
> If I know someone on the network is downloading pictures can I combine
> the packets to see what the picture is)?

Not with Ethereal.

However, ethereal uses the same libpcap format for packet capture files
that tcpdump does; there are a number of tools that process libpcap
files, and I seem to remember somebody mentioning some tool on this list
that can do that sort of reassembly.

We should probably gather a list of all the tools people have mentioned
on the Ethereal mailing lists, and either add them to the "Tools"
section of the page at

	http://www.ethereal.com/links.html

or check which of them aren't already mentioned on the page at

	http://www.tcpdump.org/related.html

and add a link to that page from the "Useful Links" page on the Ethereal
site (actually, we should send the list of tools to tcpdump.org, add a
link to the tcpdump.org "Related Projects" page from the Ethereal
"Useful Links" page in any case).