At 07:05 PM 11/13/2006, Jim Small wrote:
>Pete,
>
>I didn't even realize you could do this until I read your question, but
>here is one way (not sure if this is exactly what you want):
>Open a capture
>Narrow down the interesting packets
>(For example, I do a lot of web traffic analysis so I might use a filter
>such as http.content_length > 20000)
>Now, let's say I see a Flash file, a GIF, or a JPEG that I want to save
>- just the actual binary data, not the packet headers.
>I would click on the interesting packet (assuming I have TCP and HTTP
>reassembly enabled)
>Next, in the packet details window (middle pane) I would click on the
>relevant data portion. So for a JPEG image this would be the part that
>reads JPEG File Interchange Format.
>Finally, I would use the File->Export->Selected Packet Bytes menu item.
>Then I would name the file and I personally change the save as type to
>*.* so I can set the file extension (not completely sure this is
>necessary but I do it out of habit).
>Now, if I open up this file with a graphics viewer I will see that I
>have a valid JPEG.
>
>Pretty cool stuff.

I think that would work for small amounts of data, but I'm dealing with video streams over hundreds of packets.

>You can also filter by TCP streams (but I believe you can't save as raw
>from the TCP Streams page).

You can save as raw. It's great for video streams over TCP. I was hoping for a similar capability for UDP streams, after I'd applied a filter.

Thanks
Pete
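
An added example, not part of the original thread and not Wireshark code: one way to pull the raw payload of a single UDP flow out of a saved capture without exporting packet by packet. It assumes a classic pcap file with Ethernet framing and unfragmented IPv4; the function names, addresses, ports and the sample capture are constructed for illustration.

```python
import socket
import struct


def udp_payload(frame, src, dst, sport, dport):
    """Payload of one Ethernet frame if it is an unfragmented IPv4/UDP packet of the flow."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00":
        return None                      # not IPv4 (VLAN tags and IPv6 are not handled)
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len, _, frag = struct.unpack("!HHH", ip[2:8])
    if ip[9] != 17 or frag & 0x3FFF:     # not UDP, or an IP fragment (MF bit / offset set)
        return None
    if (socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])) != (src, dst):
        return None
    udp = ip[ihl:total_len]              # total_len drops Ethernet padding on short frames
    if len(udp) < 8:
        return None
    s, d, ulen, _ = struct.unpack("!HHHH", udp[:8])
    return udp[8:ulen] if (s, d) == (sport, dport) else None


def extract_udp_stream(pcap, src, dst, sport, dport):
    """Concatenate, in capture order, the UDP payloads of one direction of a flow."""
    e = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if e is None:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(e + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    out, off = bytearray(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(e + "I", pcap[off + 8:off + 12])[0]
        data = udp_payload(pcap[off + 16:off + 16 + incl_len], src, dst, sport, dport)
        out += data or b""
        off += 16 + incl_len
    return bytes(out)


def sample_pcap():
    """Constructed capture: two packets of the wanted flow and one from another port."""
    def pkt(sport, payload):
        udp = struct.pack("!HHHH", sport, 5004, 8 + len(payload), 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         socket.inet_aton("192.0.2.1"), socket.inet_aton("192.0.2.2"))
        frame = (b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + udp).ljust(60, b"\0")
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + pkt(4000, b"video-") + pkt(4001, b"noise") + pkt(4000, b"data")
```

The output is in capture order: UDP gives no ordering or delivery guarantee, so a lossy or reordered stream comes out exactly as it was seen on the wire, and any application framing inside the datagrams is still present in the bytes.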
