The title is a little vague(sorry for that)- I have two computers which are plugged into the same router. Now i have arp poisoned my router so whatever goes through it is captured in my wireshark terminal. What i need to to is the following- If a user on the 2nd computer a downloads a 1mb file(program), I want to be able to see the exact file that he downloaded-That is i want to have a copy of the file that he downloaded. I want to know if this is possible to know and if so how i would go about doing it. asked 20 Apr '12, 22:20  Developer edited 20 Apr '12, 22:21 |
One Answer:
If the download is done via HTTP or SMB you could just export the file using the File -> Export -> Objects menu (you might have to re-enable TCP packet reassembly if you turned it off, default is turned on). Otherwise you could try exporting the payload by using the "Follow TCP Stream" popup menu item on the communication that contains the file. answered 21 Apr '12, 04:03  Jasper ♦♦ |
