This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

As i mentioned i need to extract html code of a website from a wire shark capture file and save it as an html file so it will display relatively the same as if i was on the site but it just displays random characters, i understand how to follow tcp streams and that's how i am saving these specific packets but each test ends in failure... Do i have to save the capture file first before i try to extract?

Update 1!

This is code that is generated when i try to follow the tcp stream and export the packet (Note that no matter what setting i use it will not show up as having html, no matter what packet i try to read(Aside from a few))

GET /download.html HTTP/1.1

Host: www.wireshark.org

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Cookie: ln_sess=959910332560; __utma=87653150.804353448.1362024480.1362024480.1362024480.1; __utmb=87653150.1.10.1362024480; __utmc=87653150; __utmz=87653150.1362024480.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ln_c=1362024495742%2C/download.html%2C1

Connection: keep-alive

Cache-Control: max-age=0

HTTP/1.1 200 OK

Date: Thu, 28 Feb 2013 01:24:52 GMT

Server: Apache/2

Accept-Ranges: bytes

X-Mod-Pagespeed: 1.2.24.1-2300

Vary: Accept-Encoding

Content-Encoding: gzip

X-Slogan: It's a great product with a great story to tell. I'm pumped!

Cache-control: max-age=0, no-cache

Content-Length: 5510

Keep-Alive: timeout=5, max=90

Connection: Keep-Alive

Content-Type: text/html

...........\.r........L..3.).....r./I.q.%.....
"!.6E0.)Y.3U.i...'....Y..d....X$.t7z..X...u......1yy...t....:$N.....=....<.q.M.;~..g.$....f3w..
9...{.d..x*..O. ..N.)...F.6.....~....s.%Sc*..O...".'Gb....O=S..4....,l.....
Y.........\...2Bn....F .H.Q.\_L.S.N#.........t.$...NmvW.I.1k;..N<_)G..%...2.X
e...`...;S.V...7....1.1.3.......g.......k.../.........H!...*...'...Ie..I.h/-.....?....m.~..1A)[email protected]_D.........v.Y...T....E.....}..h.%.....c....qB....w..I.Q...T.^..G...Mz....tFS...........).A{&i.3Y.`.....RmG....s*...]..$U......vB..jD.j..X)|"D........w.V<.3.J.=.......
....D.C1..
..4...{."._.I~....h......G......0.`D.|.E'c!.'0.
.b`......d
...).....K...!.l!T...1.....N....x.J}.b.YI..L..K..%.Z.....D.<..4^*..G1<.j/)I7X/.....K..].....1#3!.`C...l"TB .....R$..!.x.......:|)./...R..8..hn..n.g5.y.....iz....w...q..AV.8...z..%..g.5.OX........0.x.".bf=...UO.6....63..\...MY.5.L.n.5..............1p.4.R...H..nN...+.T......-.....:
.3.g.a....
..'....9eTFk.2fa\QH |.k...K/..
.,.....jA..uE(y.2..^..!.h.rr.N.V...H.)...u.C.....r.zG...WU6..t.FP..3.]c...~...z....3..E{.#r&...q|...e..=B3.x.u.S.j`Sf.n.l).7..........l.....T0.c..?N.+.....$.....l..i$"5.nhn..l.....qP%.......P.....GSHSh."[email protected][email protected]\.,zNq........V...\!sb.6...iZ..._.hR..f.16.....)k.T&...8...?z.........m.4..l...~..>.&..%.S....%[email protected]#Q..k..V..t0.Y.g.&...-....H.A.5.E-...j1Zy......T
.fo........h.vnT...P.U.#.+...k..h.4...D"...p.....R.L3..>....%."[.,.%.x..M[[email protected]"M........)..b.S..8..)..Q......[.(umYv. t$...OHd#.Q..(.uE..F..c...gTQ.c..C...*R.C.DC%r....M.Y,A ....t.........P.....}[email protected]_.
....D........fq.......H...6..]....Cl..Y..t.)M.A.I.4!ApH.,...T.hu.L...:(....y.M...t....P..u.....H.Ae......L.M.0....6..3..!...T....E......h...n.. ....q.....V..............u].c .,.@j.......;=..i6.]....)..h.....h...h..D3..ME.v..
f..U.`...n.tB.;..r:=.J....x{.w..}..Qv...Y..].....l..`...C........CX..Z.?.....:....+..d..`L......./...R*..F*...li......'....|.............B|..U...!......z...Vy.....H|...V.......i....vq.....2......-.....q....pe..*7..N.....{t.-x....`..qt...@6..o...X{B...,Y.....:ji.......K:.E.X
h1Q.H.4...Y.N.....u.
..D[..D%.z.ZH.
qEx.+.$.1........&....W....
[email protected]+a......M...Obh.*..+\...U-.*Ii.Ri.{..x.=\.T.j..U|.)..B.Ua{8.....Q.+q..v..k.Y/..W.V6...U.Q../..*....HAL..
)..Y.4|.V..F..1..\0S.h.)2.........t1...Zl....2.s`.U...7I.
SVC.,.~.I*.K^
I.X.U.vQ......Y.J1.:..f.y..R0$.%..pT.D-k.<...%`...y.Bb...X/..l!5'..X..X.)..X.y..v.j.".f7:..O....A_.....%..........-...b.NY,.b.x".\.....2v1.B..).....U.,.....um..4x. .....D..L..C."vs........
g.lP.
[email protected]'...Bc..s\L.O.b.%.*.!....
r.j..r.m..<..........S...].>BTg.n..e.OU=v.?w... .p...f...~.Ps1r.W.;M..t.O^..
...*#A.#.U..
...."...*67{Sa.{..\Lo....Dx...A....>......IA...,H.dV"..b
..A.......-.cY...).....[%..$.${....h.....M#^.
..Um
YWE.....*.B83.Y.....|....[9DLNq..rE.7..o....).l....>_.}.........S...e.;aO.x.e....P...(.......+..2..,.8..z.R.#.k....q_y.....r.........o...-ZN....i;.1..C...8.(|[email protected]"j.aT..q:...F..?......,.u..$..Q.......S..i.^c..=8"C..l..O....Fh.C ...3Y.w>0.....p9..rdL.d
:.......yjmE..{........^.Kr.@v.G..tP....r.x....3.%.FL.0..._...D......&%W.,...u.y.z....F..
~.F.3....y.V..........&.:.7.VS....f:.lf.........EPHigsH..P'.c:..eN>.CX*.N;e.P...5.*n..h...>.........M.....86..uf.(.$HH.z...S+x 3;.:[email protected]$..{d'..wn?e.*.yQ?..\&)
.>U>.y....F=..z"9
.x.?;|u.~.h.4......O......f..h..{.w>......1...>...!......gR..< .D......O....=...Y:q....y.'...|4....>S.5.....u...VJ....*.......;o.{..!4L...d.l7.HDt;.....w...A2n...#..f+.&
..l._2.....90.N9..2.?y......:.C...../.-h.......P).H8.EB...zB.L...p.F..\..O..v...+.i..#.....N..Hx.X..MOR.l.....#...R..F.......U.Bl. oZ...|8&?.I...wy.q....<.;.....x?.{xgu....~.z3..C~..^..R/y.....g.:...=...F.m6I....q..A...v..,[email protected]=.z..8q.0.8=x.,..I#5......c.X.Po...([.\....l..|..........:.L...Nn...S..`..A......]...&...
.c..oU. .......>....f.....k\..I......
....r....,.....g...Z..8.
.(+.c...'...A{....y:'o.l. ..&.......gO...}f.q=T....6.b*...z).5L.........T.KP."..m7..O..!.&{.1X...dL.J.H(.........;B....q.....Y.......Z..E.0..c.X.z....Q.b.
TP.^8...? ..19..#F.. .F.w)...9.}.....a. G.`..).ZD.J1d..h..._......B......-...G#\...L.niw..e.B.l"..Y_...u...)....q.iR........c.3...:.19y.|...f..|s.|...0.j.:..^-.Afs..........w.Va..].arjw.
[email protected],... ..U.G.r1....i.s.|W...Zn(....>f..y.tK...&........d..O=(.'f.Z..|..w..bL.<..|[email protected]=....P_......]...A..X?....GW......A.gU.NZ^s>....(Buk.s.[dz....A.%..A3S.......
.L.<am.]=o0."j.w)]t..0C.T....`.L..'.:Gl.i.2...o..S...w.6.m.........f..+Rp.......;=....1.t.........,...
..G....B..\.4..Gl..59.....2......}m..^vA..........5........;.a.!|.#..X.7..ADi...].|d.............VY..b..a.Z..US..7.^..m.....B.j.g...T..g.[K%.,...1.z......~N......_....z.-~......f....{f.>....u.yO....:?..|..O./..........<.R#. .;o.Q.}.....&m..?].....,.<......{..^R......JvLZh0..;..*.........C...p,.....+..........RHC=b~.....#me..(.%k....>{.
.....d.*...=..{.R~\0...}5.<.{.+.l............^.d.T....r.(.Q.......f...saJ.../0..L.8..>?.....I
[email protected]+.P.......L.S../...z.]......~.....rA..|s.F:.....Fp....K..[....h,....h........K%...u...d...o...^..f.ROH!..,.*?ST....Ze.s....9....l7{...._.....Wi....RI.#.......C.....^.1...?7..%...]J6......n....'.....nTM.S.x:._...k.....3}.m.E/-...
[email protected]
[email protected]'v6...dc.....~'h.].G.]v.7.S.1......^).........~Fi/...E...4....Q.Np..M3...77..._U..r...C.....,..=....%....v.....56../.0.7..?.pjx...z.`?I..,r...l.a..`..a<........^..&...5.h.k...F..._.?v..^.M..GET /css/I.ws-2011-10.css.pagespeed.cf.015AT2yzlN.css HTTP/1.1

Host: www.wireshark.org

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0

Accept: text/css,*/*;q=0.1

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: http://www.wireshark.org/download.html

Cookie: ln_sess=959910332560; __utma=87653150.804353448.1362024480.1362024480.1362024480.1; __utmb=87653150.1.10.1362024480; __utmc=87653150; __utmz=87653150.1362024480.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ln_c=1362024495742%2C/download.html%2C1

Connection: keep-alive

If-Modified-Since: Mon, 25 Feb 2013 17:23:09 GMT

If-None-Match: W/"0"

Cache-Control: max-age=0

HTTP/1.1 304 Not Modified

Date: Thu, 28 Feb 2013 01:24:52 GMT

Server: Apache/2

Connection: Keep-Alive

Keep-Alive: timeout=5, max=89

Cache-control: public, max-age=14400

GET /mirrors.js HTTP/1.1

Host: www.wireshark.org

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0

Accept: */*

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: http://www.wireshark.org/download.html

Cookie: ln_sess=959910332560; __utma=87653150.804353448.1362024480.1362024480.1362024480.1; __utmb=87653150.1.10.1362024480; __utmc=87653150; __utmz=87653150.1362024480.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ln_c=1362024495742%2C/download.html%2C1

Connection: keep-alive

If-Modified-Since: Wed, 27 Feb 2013 05:20:11 GMT

Cache-Control: max-age=0

HTTP/1.1 304 Not Modified

Date: Thu, 28 Feb 2013 01:24:52 GMT

Server: Apache/2

Connection: Keep-Alive

Keep-Alive: timeout=5, max=86

Cache-control: public, max-age=600

Vary: Accept-Encoding

GET /image/100x41xenhancements_trial.png.pagespeed.ic.Vcf_dQU2_S.png HTTP/1.1

Host: www.wireshark.org

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: http://www.wireshark.org/download.html

Cookie: ln_sess=959910332560; __utma=87653150.804353448.1362024480.1362024480.1362024480.1; __utmb=87653150.1.10.1362024480; __utmc=87653150; __utmz=87653150.1362024480.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ln_c=1362024495742%2C/download.html%2C1

Connection: keep-alive

If-Modified-Since: Mon, 25 Feb 2013 11:01:50 GMT

If-None-Match: W/"0"

Cache-Control: max-age=0

HTTP/1.1 304 Not Modified

Date: Thu, 28 Feb 2013 01:24:53 GMT

Server: Apache/2

Connection: Keep-Alive

Keep-Alive: timeout=5, max=84

Cache-control: public, max-age=14400

GET /js/v46status.js HTTP/1.1

Host: www.wireshark.org

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0

Accept: text/javascript, application/javascript, */*

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

X-Requested-With: XMLHttpRequest

Referer: http://www.wireshark.org/download.html

Cookie: ln_sess=959910332560; __utma=87653150.804353448.1362024480.1362024480.1362024480.1; __utmb=87653150.1.10.1362024480; __utmc=87653150; __utmz=87653150.1362024480.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ln_c=1362024495742%2C/download.html%2C1

Connection: keep-alive

If-Modified-Since: Wed, 20 Feb 2013 19:21:27 GMT

HTTP/1.1 304 Not Modified

Date: Thu, 28 Feb 2013 01:24:53 GMT

Server: Apache/2

Connection: Keep-Alive

Keep-Alive: timeout=5, max=82

Cache-control: public, max-age=600

Vary: Accept-Encoding

asked 27 Feb '13, 17:34

Jheckman1986's gravatar image

Jheckman1986
10113
accept rate: 0%

edited 28 Feb '13, 01:39

grahamb's gravatar image

grahamb ♦
19.8k330206


Hmm, how to help you without giving away the answer; otherwise, I don't think you would benefit as much from the exercise? Have you read the Wireshark user guide? If not the whole thing, have you at least searched through it for relevant information? I can tell you that your answer lies within.

permanent link

answered 27 Feb '13, 19:53

cmaynard's gravatar image

cmaynard ♦♦
9.4k1038142
accept rate: 20%

I Have looked in it and it does not have the answer (At least one that makes sense to me) The issue is our teacher did it and we all tried to follow along but even menus he went through were different than the ones we saw on our machines... I know that makes no sense whatsoever but i can only guess he might be using the development version or something!

I'll give it a second glance tomorrow and do some more deep searching bu i am confident the guide didn't have a specific answer!

(27 Feb '13, 21:17) Jheckman1986

OK so i just took a second glance at the guide and i figured out why it won't work, because our teacher is bad at explaining things!

Actually i was able to do it by exporting the packet itself out as a html file instead of trying to rebuild it.

(27 Feb '13, 23:06) Jheckman1986
1

by the way, thanks for encouraging me to check the manual again

(28 Feb '13, 00:21) Jheckman1986
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×293
×248
×14
×5

question asked: 27 Feb '13, 17:34

question was seen: 5,892 times

last updated: 28 Feb '13, 01:39

p​o​w​e​r​e​d by O​S​Q​A