This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I'm a total newbie. I'm trying to translate a TCP stream into a readable format. Ideally, I'd like to read the body of the emails I'm capturing. Is that possible with wireshark? If so, how?

asked 23 Feb '11, 07:20

Shadow's gravatar image

Shadow
1111
accept rate: 0%


Yes, you can do that. If you have already identified the TCP stream you can use the popup menu on one of the packets of the stream in the packet list and select the "Follow TCP Stream" option. That will open an additional window that contains the TCP playload in (more or less) readable format. It works especially well for all ASCII based TCP payloads.

If you don't have isolated the stream yet you can use the Statistics -> Conversations to look for the correct communications and filter on that with the popup menu.

permanent link

answered 23 Feb '11, 07:30

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

edited 23 Feb '11, 07:31

Thanks! I'll try that and let you know how it goes.

(23 Feb '11, 13:11) Shadow

("Answer" converted to a comment in keeping with the philosophy of ask.wireshark.org)

(23 Feb '11, 13:21) Bill Meier ♦♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×20

question asked: 23 Feb '11, 07:20

question was seen: 22,759 times

last updated: 23 Feb '11, 13:21

p​o​w​e​r​e​d by O​S​Q​A