windump -w port1234.tcp tcp port 1234
 
Michael D. Black
Senior Scientist
Advanced Analytics Directorate
Northrop Grumman Information Systems
 

________________________________

From: [email protected] on behalf of [email protected]
Sent: Sun 8/15/2010 9:45 PM
To: ML-PCap
Subject: EXTERNAL:Re: [Winpcap-users] Can I capture TCP payloads at a specific 
port into a binary file?


BTW I found WinDump. It really has too many features. They are so many that I 
can't even know whether it can do what I need. Does anyone know how I can dump, 
say, bytes sent/received at TCP port 1234 to a binary file?

From: [email protected] 
Sent: Monday, August 16, 2010 10:41 AM
To: ML-PCap <mailto:[email protected]>  
Subject: Can I capture TCP payloads at a specific port into a binary file?

I'm wondering if it's technically doable to capture payloads at a TCP port into 
a binary file.
 
E.g., we've established a connection at A(1234), B(5678). And during some period 
the packets are:
 

A(1234)->B(5678): [1, 2, 3]
B(5678)->A(1234): [8, 8, 8]
A(1234)->B(5678): [4, 5, 6]
B(5678)->A(1234): [9, 9, 9]
A(1234)->B(5678): [7, 8, 9]
B(5678)->A(1234):  [10, 10, 10]
 
What I wanna do is to capture all payload bytes of TCP into some binary file, 
say, A_to_B.bin, that has the following content:
[1, 2, 3, 4, 5, 6, 7, 8, 9].
 
Is it possible to do this with Wireshark? If it's not, is there any other way 
to help me do this? Or do I need to write some code with WinPCap to do this?
 
Best Regards
Tactoth

_______________________________________________
Winpcap-users mailing list
[email protected]
https://www.winpcap.org/mailman/listinfo/winpcap-users
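
Added example, not part of any message in this thread: the `-w` savefile from the command above is a pcap file holding whole frames for both directions, so the one-direction payload file asked about still has to be extracted from it. The sketch below does that for a classic little- or big-endian pcap with Ethernet/IPv4 framing; the function names, addresses and sequence numbers are constructed for illustration, and it assumes full packets were captured (no snap-length truncation, e.g. `-s 0`).

```python
import struct

def tcp_payloads(pcap: bytes, src_port: int, dst_port: int) -> bytes:
    """Payload bytes sent src_port -> dst_port in a classic pcap, in sequence order.
    Ethernet/IPv4 only; no sequence wraparound; first copy of a sequence number wins."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic pcap file")
    end = "<" if magic == 0xA1B2C3D4 else ">"    # byte order of the writer
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    segments, off = {}, 24
    while off + 16 <= len(pcap):                 # 16-byte per-packet record header
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                             # not IPv4 carrying TCP
        ihl = (frame[14] & 0x0F) * 4
        total_len = struct.unpack("!H", frame[16:18])[0]
        tcp = frame[14 + ihl:14 + total_len]     # total_len trims Ethernet padding
        if len(tcp) < 20:
            continue
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        data = tcp[(tcp[12] >> 4) * 4:]          # skip TCP header and options
        if (sport, dport) == (src_port, dst_port) and data:
            segments.setdefault(seq, data)       # ignore retransmitted duplicates
    return b"".join(segments[s] for s in sorted(segments))

# --- constructed sample capture: the six packets from the question ---
PCAP_HEADER = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)

def frame_record(sport, dport, seq, payload):
    """Build one pcap record (made-up MACs/IPs, zero checksums)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 0x50, 0x18, 8192, 0, 0) + bytes(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

SAMPLE = PCAP_HEADER + b"".join(frame_record(*p) for p in [
    (1234, 5678, 1000, [1, 2, 3]), (5678, 1234, 5000, [8, 8, 8]),
    (1234, 5678, 1003, [4, 5, 6]), (5678, 1234, 5003, [9, 9, 9]),
    (1234, 5678, 1006, [7, 8, 9]), (5678, 1234, 5006, [10, 10, 10])])

if __name__ == "__main__":
    with open("A_to_B.bin", "wb") as out:
        out.write(tcp_payloads(SAMPLE, 1234, 5678))
```

To use it on a real capture, pass the bytes of the savefile (for example `port1234.tcp`) in place of `SAMPLE`.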
