Seems not working as expected, addional information are included. I've managed to do that with Wireshark. Wireshark can dump TCP stream in a "conversation", to a binary file, a C array, or text representation.
And thank you all the same :) -------------------------------------------------- From: "Black, Michael (IS)" <[email protected]> Sent: Monday, August 16, 2010 7:46 PM To: <[email protected]> Subject: Re: [Winpcap-users] Can I capture TCP payloads at a specific portinto a binary file? > windump -w port1234.tcp tcp port 1234 > > Michael D. Black > Senior Scientist > Advanced Analytics Directorate > Northrop Grumman Information Systems > > > ________________________________ > > From: [email protected] on behalf of [email protected] > Sent: Sun 8/15/2010 9:45 PM > To: ML-PCap > Subject: EXTERNAL:Re: [Winpcap-users] Can I capture TCP payloads at a > specific port into a binary file? > > > BTW I found WinDump. It really have too many features. They are so many that > I can't even know whether it can do what I need. Does anyone know how can I > dump, say, bytes sent/received at TCP port 1234 to a binary file? > > From: [email protected] > Sent: Monday, August 16, 2010 10:41 AM > To: ML-PCap <mailto:[email protected]> > Subject: Can I capture TCP payloads at a specific port into a binary file? > > I'm wondering if it's technically doable to capture payloads at a TCP port > into a binary file. > > Eg, we've established a connection at A(1234), B(5678). And during some > period the parckets are: > > > A(1234)->B(5678): [1, 2, 3] > B(5678)->A(1234): [8, 8, 8] > A(1234)->B(5678): [4, 5, 6] > B(5678)->A(1234): [9, 9, 9] > A(1234)->B(5678): [7, 8, 9] > B(5678)->A(1234): [10, 10, 10] > > What I wanna do is to capture all payload bytes of TCP into some binary file, > say, A_to_B.bin, that has the following content: > [1, 2, 3, 4, 5, 6, 7, 8, 9]. > > Is it possible to do this with Wireshark? If it's not, is there any other way > to help me do this? Or do I need to write some code with WinPCap to do this? > > Best Regards > Tactoth > > _______________________________________________ > Winpcap-users mailing list > [email protected] > https://www.winpcap.org/mailman/listinfo/winpcap-users > _______________________________________________ Winpcap-users mailing list [email protected] https://www.winpcap.org/mailman/listinfo/winpcap-users
