This is a static archive of our old Q&A Site. Please post any new questions and answers at

tool for saving files (html, php etc.) from capture


Hi. I am heavily using tcpdump and wireshark. Right now I need to dump traffic between some hosts and track why some webservices behave oddly. Looking in big dumps in wireshark or tcpdump is a bit problematical.

Is there a way to batch dump files from tcp captures? Some sort of multiripper known from old days.

I have tried to look for such tools but with not much success. I have found software from but it is a bit limited and works only under windows. Or something like but not as much advanced. Just dump files found in tcpdump file do a directory with some filename pattern...

asked 24 Aug '12, 00:03

ptoki's gravatar image

accept rate: 0%

3 Answers:


Why not use Wireshark? Load the trace file, and go File -> Export Objects -> HTTP and wait until the list of objects is filled. Then you can save HTTP objects to disk. Of course this is not a multirip for multiple files, but at least it pulls all objects from one file for you.

Keep in mind that you need TCP Stream Reassembly enabled to be able to do this, but this is enabled by default anyway.

answered 24 Aug '12, 02:07

Jasper's gravatar image

Jasper ♦♦
accept rate: 18%

edited 24 Aug '12, 02:09

Wow! I did not know about this function. It saves also images. very nice. It will make my life so much easier. Thank You! Is there a way to save files into different directories for each tcp connection but automatically? I know it is possible to filter one connection at a time and save them one by one...

And what if capture is 10GB in size? Does wireshark handle it?

(24 Aug '12, 03:35) ptoki


while you can do that with Wireshark, Xplico is probably better suited for this job.


answered 24 Aug '12, 02:34

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
accept rate: 15%

looks interesting. I will give it a try.

(24 Aug '12, 04:00) ptoki

good luck.

(24 Aug '12, 04:13) Kurt Knochner ♦


Check this link there are few free http sniffers based on winpcap

answered 24 Aug '12, 13:11

Harsha's gravatar image

accept rate: 0%

Bingo! I have found what I needed. It is called assniffer and can be found here: Here is a hint needed to compile the source.

On mine system I just had to install libpcap-devel and apply (by hand) that patch (MAX_PATH).

Works nicely. Only problem which I see might be with multiple files which have identical name/url.

But for now it is quite fine.

Thanks for help.

(27 Aug '12, 01:13) ptoki