Wireshark-users: Re: [Wireshark-users] Save the bytes of a particular field from all the displaye

From: Stephen Fisher <stephentfisher@xxxxxxxxx>
Date: Tue, 20 Feb 2007 17:19:17 -0800
On Wed, Feb 07, 2007 at 01:54:48PM -0600, Frank Bulk wrote:

> Anyone reading the last few weeks of postings should be detecting a 
> recurring theme...people want to extract images and audio with the 
> correct file headers and names from packet streams that may or may not 
> be contiguous.

I have committed an initial version of a content listing/saving feature 
for the HTTP protocol.  I would appreciate if anyone could try it out 
and give feedback on the implementation and if they can think of a 
better top-level menu to put it under (View perhaps?).  Support for 
other protocols may come in the future.

It is currently available in the latest developer versions under 
Statistics -> Content List -> HTTP.  You can view/save the list of 
content after a capture file is loaded or with real-time updates as a 
capture is running.  You can download the Windows developer version or 
Windows/Unix source code below.  PLEASE NOTE: These are developer 
versions that you should use with caution - they may have bugs or 
unfinished features in them still.  It will overwrite your installed 
version of Wireshark, but will retain your preferences.  You can usually 
uninstall the developer version and re-install a release without losing 
anything.

Windows:
  http://downloads.wireshark.org/download/automated/win32/

Windows/Unix source code:
  http://downloads.wireshark.org/download/automated/src/

(Pick a filename with 20880 or higher in the name)


Thanks,
  Steve