Hi,
I am trying to learn how to extract transferred files from pcap dumps.
I have a pcap file with an HTTP data transfer that is gzip-encoded ("Accept-encoding: gzip,deflate" in the HTTP header). I tried selecting and exporting the data portion of the two packages that seemed to be part of this transfer and then concatenating them, but when I try to gunzip it, I get "unexpected end of file." Using Network Miner, the file decodes just fine.
I would like to learn how to do this using only Wireshark - does anyone know of a good guide on how to do this in Wireshark?
Thanks,
JB
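
An added example, not part of the original post: Python code showing what a gzip-encoded HTTP transfer needs before it will decompress, namely the complete reassembled response body with any chunked framing removed. The sample response is constructed, the function names are hypothetical, and the input is assumed to be the raw bytes of one HTTP response taken from a reassembled TCP stream.

```python
import gzip

def split_response(raw: bytes):
    """Split reassembled HTTP response bytes into (headers dict, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    return headers, body

def dechunk(body: bytes) -> bytes:
    """Remove Transfer-Encoding: chunked framing (hex size line, data, CRLF)."""
    out = b""
    while body:
        size_line, _, rest = body.partition(b"\r\n")
        size = int(size_line.split(b";")[0], 16)  # ignore chunk extensions
        if size == 0:                             # last-chunk marker
            return out
        if len(rest) < size:
            raise ValueError("chunk cut short: stream is incomplete")
        out, body = out + rest[:size], rest[size + 2:]
    raise ValueError("no terminating chunk: stream is incomplete")

def extract_body(raw: bytes) -> bytes:
    """Return the decoded file carried in one HTTP response."""
    headers, body = split_response(raw)
    if headers.get("transfer-encoding", "").lower() == "chunked":
        body = dechunk(body)
    elif "content-length" in headers:
        want = int(headers["content-length"])
        if len(body) < want:                      # a segment was not exported
            raise ValueError(f"body truncated: {len(body)} of {want} bytes")
        body = body[:want]
    if headers.get("content-encoding", "").lower() == "gzip":
        body = gzip.decompress(body)
    return body

def build_sample(chunked: bool) -> bytes:
    """Constructed sample response; stands in for bytes exported from a capture."""
    payload = gzip.compress(b"hello from the capture\n" * 20)
    if chunked:
        half = len(payload) // 2
        body = b"".join(b"%x\r\n%s\r\n" % (len(p), p)
                        for p in (payload[:half], payload[half:])) + b"0\r\n\r\n"
        framing = b"Transfer-Encoding: chunked"
    else:
        body, framing = payload, b"Content-Length: %d" % len(payload)
    return b"HTTP/1.1 200 OK\r\nContent-Encoding: gzip\r\n" + framing + b"\r\n\r\n" + body

if __name__ == "__main__":
    print(extract_body(build_sample(chunked=True))[:23])
```

Feeding a gzip body that is missing its last bytes straight to `gzip.decompress` raises `EOFError`, the Python counterpart of gunzip's "unexpected end of file".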