Wireshark-users: Re: [Wireshark-users] Extracting files from pcap

Date: Sun, 12 Oct 2008 22:03:25 +0200
Hi Jim,

In my experience you better save the items one by one (Save As in stead of
Save All).
Most of the times there are a lot of "/" or "?" and you can not use these
for filenames.

HTH
Joan


>-- Oorspronkelijk bericht --
>Date: Sun, 12 Oct 2008 12:41:56 -0700 (PDT)
>From: Jim Balo <jimbalo22@xxxxxxxxx>
>To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>,
>	Abhik Sarkar <sarkar.abhik@xxxxxxxxx>
>Subject: Re: [Wireshark-users] Extracting files from pcap
>Reply-To: jimbalo22@xxxxxxxxx,
>	Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
>
>
>Thanks for the reply.
>?
>I tried this, but Wireshark just hung when trying "Save All" (been sitting
>there for 30 minutes now. The pcap is small - only 90K).? I'll try saving
>only select objects, etc. later and see if that works better.? Have you
been
>using it w/o problems?
>?
>JB
>
>If the file is transferred using HTTP, you could try File > Export >
>Objects > HTTP.
>
>On Sun, Oct 12, 2008 at 8:57 AM, Jim Balo <jimbalo22@xxxxxxxxx> wrote:
>> Hi,
>>
>> I am trying to learn how to extract transferred files from pcap dumps.
>>
>> I have a pcap file with an http data transfer that is gzip-encoded
>> ("Accept-encoding: gzip,deflate" in the http header).  I tried
>selecting and
>> exporting the data portion of the two packages that seemed to be part
of
>> this transfer and then concatenate them, but when I try to gunzip it,
I
>get
>> "unexpected end of file."  Using Network Miner, the file decodes
>just fine.
>>
>> I would like to learn how to do this using only Wireshark - does anyone
>know
>
>
>
>      
>_______________________________________________
>Wireshark-users mailing list
>Wireshark-users@xxxxxxxxxxxxx
>https://wireshark.org/mailman/listinfo/wireshark-users