Thanks for the reply.
I tried this, but Wireshark just hung when trying "Save All" (been sitting there for 30 minutes now. The pcap is small - only 90K). I'll try saving only select objects, etc. later and see if that works better. Have you been using it w/o problems?
JB
If the file is transferred using HTTP, you could try File > Export >
Objects > HTTP.
On Sun, Oct 12, 2008 at 8:57 AM, Jim Balo <jimbalo22@xxxxxxxxx> wrote:
> Hi,
>
> I am trying to learn how to extract transferred files from pcap dumps.
>
> I have a pcap file with an http data transfer that is gzip-encoded
> ("Accept-encoding: gzip,deflate" in the http header). I tried
selecting and
> exporting the data portion of the two packages that seemed to be part of
> this transfer and then concatenate them, but when I try to gunzip it, I
get
> "unexpected end of file." Using Network Miner, the file decodes
just fine.
>
> I would like to learn how to do this using only Wireshark - does anyone
know
|