Wireshark-users: Re: [Wireshark-users] Problem exporting data

From: Michael Monte <apoc1@xxxxxxxxxxx>
Date: Mon, 17 Nov 2008 19:59:08 -0500
Hi Steve,

Thanks for responding. The file does not show up in there; I see various HTTP/XML in there, and all of the SOAP requests and responses show up. However, it seems Wireshark does not see the other transmitted data packets as a tar file, and so it seems to ignore those. I have a feeling I will have to save a C array and write a program to do it. This shouldn't be too difficult, but I was hoping there was a quicker way to do it. Let me know if I can send anything to help.

Mike


wireshark-users-request@xxxxxxxxxxxxx wrote:

Today's Topics:

   1. Re: Problem exporting data (Stephen Fisher)
   2. TCP Relative Sequence Options (Ekta Ahuja)
   3. Re: TCP Relative Sequence Options (Sake Blok)


----------------------------------------------------------------------

Message: 1
Date: Sun, 16 Nov 2008 13:05:05 -0700
From: Stephen Fisher <stephentfisher@xxxxxxxxx>
Subject: Re: [Wireshark-users] Problem exporting data
To: Community support list for Wireshark
	<wireshark-users@xxxxxxxxxxxxx>
Content-Type: text/plain; charset=us-ascii

On Sun, Nov 16, 2008 at 01:51:25PM -0500, Michael Monte wrote:

   I am having a problem exporting content data from traffic between a client and server. Basically, the client uploads a file to a server and I want to grab the file out of the air.

Try going to the File menu - Export - Objects - HTTP. The file should show up in there ready for saving. Let me know if this doesn't work.


Steve


------------------------------

Message: 2
Date: Mon, 17 Nov 2008 17:37:36 +0530
From: "Ekta Ahuja" <ahuja.ekta@xxxxxxxxx>
Subject: [Wireshark-users] TCP Relative Sequence Options
To: wireshark-users@xxxxxxxxxxxxx
Message-ID:
	<99dff9ed0811170407g4584cd8bx7d29334b56c737ba@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"

Hi All,

Analysis of data using Wireshark on Windows gives me an option (under
Edit->Preferences->Protocol->TCP) to enable/disable the TCP Relative
Sequencing.
Now if I have to use this option on my Unix box (command line), what
parameter do I need to append to enable this feature?

e.g.

<wireshark binary>  -r < filename> -T psml -t ad
Should I append " -o tcp.seq:1 "?


Kindly help.

Thanks
Ekta.
------------------------------

Message: 3
Date: Mon, 17 Nov 2008 17:09:12 +0100
From: Sake Blok <sake@xxxxxxxxxx>
Subject: Re: [Wireshark-users] TCP Relative Sequence Options
To: Community support list for Wireshark
	<wireshark-users@xxxxxxxxxxxxx>
Message-ID: <20081117160912.GA4137@xxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=us-ascii

On Mon, Nov 17, 2008 at 05:37:36PM +0530, Ekta Ahuja wrote:
   Analysis of data using Wireshark on Windows gives me an option (under
   Edit->Preferences->Protocol->TCP) to enable/disable the TCP Relative
   Sequencing.
   Now if I have to use this option on my Unix box (command line), what
   parameter do I need to append to enable this feature?

   e.g.

   <wireshark binary>  -r < filename> -T psml -t ad
   Should I append " -o tcp.seq:1 "?

$ tshark -G currentprefs | grep "^tcp"
tcp.summary_in_tree: TRUE
tcp.check_checksum: FALSE
tcp.desegment_tcp_streams: TRUE
tcp.analyze_sequence_numbers: TRUE
tcp.relative_sequence_numbers: TRUE
tcp.track_bytes_in_flight: TRUE
tcp.calculate_timestamps: TRUE
tcp.try_heuristic_first: TRUE
tcpencap.tcp.port: 10000
$

So, you could use -o "tcp.relative_sequence_numbers: TRUE"

Cheers,
    Sake


------------------------------

_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-users


End of Wireshark-users Digest, Vol 30, Issue 40
***********************************************
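
An added example, not part of the original thread or of Wireshark: one way to write the program Mike describes at the top of this message, carving a tar archive out of the raw upload bytes by locating a "ustar" header and validating its checksum. It assumes the client-to-server stream bytes have already been saved into a buffer; the function names and the sample stream are constructed for illustration.

```python
import io
import tarfile
from typing import List, Optional

BLOCK = 512        # tar header size
MAGIC_OFF = 257    # offset of the "ustar" magic inside a tar header


def header_ok(block: bytes) -> bool:
    """Check a candidate header: the octal checksum at offset 148 must equal
    the sum of all 512 header bytes with the checksum field read as spaces."""
    if len(block) < BLOCK:
        return False
    try:
        stored = int(block[148:156].strip(b" \0") or b"0", 8)
    except ValueError:
        return False
    return stored == sum(block[:148]) + 8 * 0x20 + sum(block[156:BLOCK])


def carve_tar(payload: bytes) -> Optional[bytes]:
    """Return the payload from the first valid tar header onward, else None."""
    pos = payload.find(b"ustar")
    while pos != -1:
        start = pos - MAGIC_OFF
        if start >= 0 and header_ok(payload[start:start + BLOCK]):
            return payload[start:]
        pos = payload.find(b"ustar", pos + 1)
    return None


def list_members(archive: bytes) -> List[str]:
    """List member names; reading stops at the end-of-archive zero blocks,
    so trailing bytes such as a MIME boundary are ignored."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:") as tf:
        return tf.getnames()


def constructed_stream() -> bytes:
    """Constructed sample: HTTP POST whose body wraps a one-file tar archive."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        info = tarfile.TarInfo("report/data.txt")
        info.size = 13
        tf.addfile(info, io.BytesIO(b"hello upload\n"))
    head = b"POST /upload HTTP/1.1\r\nHost: example.test\r\n\r\n--b\r\n\r\n"
    return head + buf.getvalue() + b"\r\n--b--\r\n"


if __name__ == "__main__":
    carved = carve_tar(constructed_stream())
    print(list_members(carved) if carved else "no tar header found")
```

The checksum test is what keeps a stray "ustar" string in headers or SOAP text from being mistaken for the start of the archive.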