This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

capturing data from tcp stream

0

Hi

I want to extract only binary data from the entire conversation. How to do it? I want pure binary data without HTTP headers.

thx in advance for any help

asked 05 Jan '11, 05:32

borisTheBlade

edited 05 Jan '11, 05:33


3 Answers:

1

Did you try exporting the content you want? If you select File -> Export -> Objects -> HTTP, Wireshark will scan the trace and list all objects that have been transferred via HTTP and allow you to save them into files. You should make sure you have the TCP option "Allow subdissector to reassemble TCP streams" enabled (which it is by default), otherwise you will only get the payload of the first packet of each object.

answered 05 Jan '11, 08:05

Jasper ♦♦

1

For UDP/TCP (and for decrypted SSL sessions) you can use "Follow XXX stream" to display only the content. You can then save as Raw to save the content (without the eth/ip/XXX headers).

You will have to do this for every single stream individually. So if the protocol is HTTP, you are better off with Jasper's suggestion to use the export options.

answered 05 Jan '11, 15:11

SYN-bit ♦♦

0

Thx for answers. Now 2nd question - I'm looking for a script which will capture data from 6000 streams, is there any? I thought about using tcpflow, but it has a disadvantage - all signs from captured data that cannot be printed are changed to "."

thx for any help

answered 10 Jan '11, 02:12

borisTheBlade

edited 10 Jan '11, 02:13

Then you must have used the -s parameter:

-s: strip non-printable characters (change to '.')

I just checked and my version of tcpflow (0.21) nicely outputs the binary data of an SSL session.

(10 Jan '11, 08:44) SYN-bit ♦♦
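
Added example (not code from any of the posters above): one way to strip the HTTP headers from a stream file saved with "Follow TCP stream" as Raw or written by tcpflow, so the step can be repeated over many stream files in a loop. It assumes the bytes hold only the server-to-client direction and start at an HTTP response; the function names and the sample bytes are constructed for illustration.

```python
"""Strip HTTP headers from one direction of a reassembled TCP stream."""

def _dechunk(buf, pos):
    """Decode a chunked body starting at pos; return (body, next_pos)."""
    body = bytearray()
    while True:
        eol = buf.index(b"\r\n", pos)
        size = int(buf[pos:eol].split(b";")[0], 16)  # ignore chunk extensions
        pos = eol + 2
        if size == 0:
            # Skip optional trailer headers up to the terminating blank line.
            end = buf.find(b"\r\n\r\n", pos - 2)
            return bytes(body), (end + 4 if end != -1 else len(buf))
        body += buf[pos:pos + size]
        pos += size + 2  # chunk data plus its trailing CRLF

def extract_bodies(stream):
    """Return the message bodies found in a server-to-client byte stream."""
    bodies, pos = [], 0
    while pos < len(stream):
        head_end = stream.find(b"\r\n\r\n", pos)
        if head_end == -1 or not stream.startswith(b"HTTP/", pos):
            break  # truncated capture or not an HTTP response: stop here
        lines = stream[pos:head_end].split(b"\r\n")
        status = lines[0].split()[1]
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(b":")
            headers[name.strip().lower()] = value.strip()
        pos = head_end + 4
        if status[:1] == b"1" or status in (b"204", b"304"):
            continue  # these responses never carry a body
        if b"chunked" in headers.get(b"transfer-encoding", b"").lower():
            body, pos = _dechunk(stream, pos)
        elif b"content-length" in headers:
            n = int(headers[b"content-length"])
            body, pos = stream[pos:pos + n], pos + n
        else:
            body, pos = stream[pos:], len(stream)  # body runs to connection close
        bodies.append(body)
    return bodies

# Constructed sample: two keep-alive responses; the first body itself contains
# CRLFCRLF, which is why the length header must be honoured, not a text split.
SAMPLE = (
    b"HTTP/1.1 200 OK\r\nContent-Length: 6\r\n\r\n\x00\xff\r\n\r\n"
    b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n"
    b"3\r\n\x01\x02\x03\r\n2\r\n\x04\x05\r\n0\r\n\r\n"
)

if __name__ == "__main__":
    for i, b in enumerate(extract_bodies(SAMPLE)):
        print(i, len(b), b.hex())
```

Responses to HEAD requests cannot be recognised from one direction alone, and compressed bodies (Content-Encoding) are returned as they were sent on the wire.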