Incidentally, I have captured SMTP and POP3 sessions with Ethereal, run
them with "Follow TCP Streams", dumped the text to disk, and successfully
recovered the MIME or Base64 encoded documents attached to the email.
With HTTP, FTP, et al., it's a completely different story.
- Joe
At 04:08 PM 10/26/2001, you wrote:
> I just loaded Ethereal and love how it works. Is there a way that I
> can combine the packets back into the file that was downloaded? (i.e.
> If I know someone on the network is downloading pictures can I combine
> the packets to see what the picture is)?
Not with Ethereal.
However, Ethereal uses the same libpcap format for packet capture files
that tcpdump does; there are a number of tools that process libpcap
files, and I seem to remember somebody mentioning some tool on this list
that can do that sort of reassembly.
We should probably gather a list of all the tools people have mentioned
on the Ethereal mailing lists, and either add them to the "Tools"
section of the page at
http://www.ethereal.com/links.html
or check which of them aren't already mentioned on the page at
http://www.tcpdump.org/related.html
and add a link to that page from the "Useful Links" page on the Ethereal
site (actually, we should send the list of tools to tcpdump.org, add a
link to the tcpdump.org "Related Projects" page from the Ethereal
"Useful Links" page in any case).
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users
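
The SMTP recovery described at the top of this thread, as an added example that is not part of the original messages: it pulls the DATA section out of a saved "Follow TCP Stream" text dump, undoes SMTP dot-stuffing, and decodes the MIME attachments. The sample stream, host names and function names are constructed for illustration, and the dump is assumed to keep its CRLF line endings.

```python
import base64
import email
import os
from email import policy

PAYLOAD = b"constructed test attachment\n"
# Constructed sample of a saved "Follow TCP Stream" dump of one SMTP session
# (client and server lines interleaved, CRLF line endings).
SAMPLE_STREAM = b"\r\n".join([
    b"220 mail.example.test ESMTP", b"HELO client.example.test", b"250 OK",
    b"MAIL FROM:<a@example.test>", b"250 OK",
    b"RCPT TO:<b@example.test>", b"250 OK",
    b"DATA", b"354 End data with <CR><LF>.<CR><LF>",
    b"From: a@example.test", b"Subject: test", b"MIME-Version: 1.0",
    b'Content-Type: multipart/mixed; boundary="b1"', b"",
    b"--b1", b"Content-Type: text/plain", b"", b"..dot-stuffed line",
    b"--b1", b"Content-Type: application/octet-stream",
    b"Content-Transfer-Encoding: base64",
    b'Content-Disposition: attachment; filename="../note.bin"', b"",
    base64.b64encode(PAYLOAD), b"--b1--",
    b".", b"250 OK queued", b"QUIT", b"221 Bye", b"",
])


def extract_smtp_messages(stream: bytes) -> list:
    """Return the raw message from each DATA ... <CRLF>.<CRLF> section."""
    messages, body, state = [], [], "cmd"
    for line in stream.split(b"\r\n"):
        if state == "data":
            if line == b".":                      # end-of-data marker
                messages.append(b"\r\n".join(body) + b"\r\n")
                body, state = [], "cmd"
            else:                                 # undo SMTP dot-stuffing
                body.append(line[1:] if line.startswith(b".") else line)
        elif state == "wait354":                  # server must accept DATA
            state = "data" if line.startswith(b"354") else "cmd"
        elif line.strip().upper() == b"DATA":
            state = "wait354"
    return messages


def extract_attachments(raw: bytes) -> dict:
    """Map sanitized filename -> decoded bytes for every named MIME part."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    found = {}
    for part in msg.walk():
        name = part.get_filename()
        if name:  # basename() so a hostile name cannot escape the output dir
            found[os.path.basename(name)] = part.get_payload(decode=True)
    return found
```

A POP3 dump needs a different framing step (the message follows the server's `+OK` reply to `RETR`), but the dot-unstuffing and MIME decoding are the same.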