Ethereal-users: Re: [Ethereal-users] ftp-data

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 3 Nov 2003 13:14:36 -0800

On Nov 3, 2003, at 4:47 AM, Giorgio Mulas wrote:

Then I apply the filter ftp-data and save the packets. I think the packets are now in ASCII.

If you used the "Save As..." menu item, they're not in ASCII, they're in some packet capture file format, probably libpcap format. That format contains link-layer headers, and headers above it, such as IP and TCP headers.

It also contains TCP packets in the reverse direction, such as the initial and final 3-way handshake, as well as ACKs.

You *might* be able to get just the data if you select one of the ftp-data packets, use the "Follow TCP Stream" menu item from the "Tools" menu, and use the "Save As" button in the "Contents of TCP stream" window.
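
As an added illustration (not part of the original message and not Ethereal's code), the Python sketch below shows what separates a saved libpcap file from the transferred data: it strips the Ethernet, IP and TCP headers and keeps only the payload sent in one direction. The capture, the addresses and the use of source port 20 for the data connection are constructed assumptions.

```python
import struct

def pcap_records(buf):
    """Yield raw frames from a little-endian libpcap file held in memory."""
    magic, linktype = struct.unpack_from("<I", buf, 0)[0], struct.unpack_from("<I", buf, 20)[0]
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian libpcap with Ethernet link type")
    off = 24                                    # skip the 24-byte global header
    while off + 16 <= len(buf):
        incl_len = struct.unpack_from("<I", buf, off + 8)[0]
        yield buf[off + 16: off + 16 + incl_len]
        off += 16 + incl_len                    # 16-byte per-packet record header

def tcp_payloads(buf, src_port):
    """Return the bytes sent from src_port, ordered by TCP sequence number.
    Ignores sequence wraparound and overlapping segments."""
    segs = {}
    for frame in pcap_records(buf):
        if frame[12:14] != b"\x08\x00":         # EtherType: IPv4 only
            continue
        ip = frame[14:]                         # strip the link-layer header
        if ip[9] != 6:                          # IP protocol 6 = TCP
            continue
        total_len = struct.unpack_from("!H", ip, 2)[0]
        tcp = ip[(ip[0] & 0x0F) * 4: total_len] # strip the IP header
        sport, _, seq = struct.unpack_from("!HHI", tcp, 0)
        data = tcp[(tcp[12] >> 4) * 4:]         # strip the TCP header
        if sport == src_port and data:          # skips ACKs and the other direction
            segs.setdefault(seq, data)          # keep first copy of a retransmission
    return b"".join(segs[s] for s in sorted(segs))

def _frame(sport, dport, seq, data=b""):
    """Constructed Ethernet/IPv4/TCP frame; checksums are left as zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x10, 8192, 0, 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def sample_capture():
    """Constructed capture: two data segments, one reverse ACK, one retransmission."""
    frames = [_frame(20, 50000, 1000, b"hello, "), _frame(50000, 20, 1),
              _frame(20, 50000, 1007, b"world\n"), _frame(20, 50000, 1000, b"hello, ")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(tcp_payloads(sample_capture(), 20))
```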