This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

reconstructing HTTP object

0

Hello, Is there any method to reconstruct HTTP objects using tshark (not wireshark)? Otherwise, could you tell me any other tools to do this?

Thanks.

asked 18 Feb '13, 05:33

fates's gravatar image

fates
35459
accept rate: 0%

One Answer:

1

Is there any method to reconstruct HTTP objects using tshark

I guess you are talking about an export of 'objects' transmitted via HTTP (files, videos, images, etc.). If so, then there is no easy way to do that in tshark, as there is no such functionality built in. As you are asking for tshark (not Wireshark) I assume you want to automate things, right?

If so, these tools may or may not be interesting for you:

https://isc.sans.edu/diary/Tools+for+extracting+files+from+pcaps/6961

For scripting purposes, justsniffer (Linux) or assniffer (Windows) are probably better tools to extract HTTP data 'objects'.

BTW: Additionally you might be interested in my answer to the following question:

http://ask.wireshark.org/questions/15560/headless-automate-export-object-when-capturing-packeting

Regards
Kurt

answered 18 Feb '13, 07:59

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 18 Feb '13, 08:02

Thanks Kurt. I'll try it. :)

(18 Feb '13, 08:01) fates

Good luck!

Hint: If a supplied answer resolves your question can you please "accept" it by clicking the checkmark icon next to it. This highlights good answers for the benefit of subsequent users with the same or similar questions.

(18 Feb '13, 08:03) Kurt Knochner ♦