This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Translating TCP Stream to readable format

0

I'm a total newbie. I'm trying to translate a TCP stream into a readable format. Ideally, I'd like to read the body of the emails I'm capturing. Is that possible with wireshark? If so, how?

asked 23 Feb '11, 07:20

Shadow's gravatar image

Shadow
1111
accept rate: 0%


One Answer:

0

Yes, you can do that. If you have already identified the TCP stream you can use the popup menu on one of the packets of the stream in the packet list and select the "Follow TCP Stream" option. That will open an additional window that contains the TCP playload in (more or less) readable format. It works especially well for all ASCII based TCP payloads.

If you don't have isolated the stream yet you can use the Statistics -> Conversations to look for the correct communications and filter on that with the popup menu.

answered 23 Feb '11, 07:30

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

edited 23 Feb '11, 07:31

Thanks! I'll try that and let you know how it goes.

(23 Feb '11, 13:11) Shadow

("Answer" converted to a comment in keeping with the philosophy of ask.wireshark.org)

(23 Feb '11, 13:21) Bill Meier ♦♦