Hello,
While doing off-line analysis of some HTTP traffic, I would like to
reconstruct the results back into a webpage. I understand the GUI
has the TCP reassembly [1,2,3], plus the HTTP dissector understands
data such as JPEGs. What I'd like to do is feed a pcap session
into tethereal, reconstruct an HTTP session, and have the HTTP
dissector magically spit out a web page.
To do this seems non-trivial to me, since there might be multiple
TCP sessions for one web page (e.g. a JPEG download). So, I'd
assume a state machine of some sort. Example: the initial page had
some image src, so the state machine would check to see if there
were any HTTP requests for the link. Then this has the added
difficulty that time would be the only thing to separate multiple
downloads of the same file (JPEG Session 1 was 10 seconds later,
JPEG Session 2 was 60 seconds later, JPEG Session 3 was 120 seconds
later - use JPEG Session 1).
So, does this functionality exist? If so, what did I miss in
reading up on reassembly? If not, I'd like to put this up on the
Wishlist.
TIA,
Jon
[1] http://wiki.ethereal.com/TCP_20Reassembly
[2]
http://www.ethereal.com/docs/user-guide/ChAdvFollowTCPSection.html
[3] http://www.ethereal.com/docs/user-guide/ChAdvReassemblySection.html
__________________________________
Do you Yahoo!?
Read only the mail you want - Yahoo! Mail SpamGuard.
http://promotions.yahoo.com/new_mail