Translating TCP Stream to readable format


I'm a total newbie. I'm trying to translate a TCP stream into a readable format. Ideally, I'd like to read the body of the emails I'm capturing. Is that possible with Wireshark? If so, how?

One Answer:


Yes, you can do that. If you have already identified the TCP stream you can use the popup menu on one of the packets of the stream in the packet list and select the "Follow TCP Stream" option. That will open an additional window that contains the TCP payload in (more or less) readable format. It works especially well for all ASCII-based TCP payloads.

If you haven't isolated the stream yet you can use the Statistics -> Conversations to look for the correct communications and filter on that with the popup menu.
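The idea behind following a stream, as an added example that is not part of the original answer and not Wireshark's code: pick one conversation by its address/port 4-tuple, order that direction's segments by sequence number, and drop retransmitted duplicates. The function names and the sample capture are constructed for illustration; the sketch assumes a classic little-endian pcap with Ethernet/IPv4 frames and does not handle sequence wraparound or overlapping segments.

```python
import socket, struct

def tcp_segments(pcap):
    """Yield (src, sport, dst, dport, seq, payload) per IPv4/TCP frame in a classic pcap."""
    assert pcap[:4] == b"\xd4\xc3\xb2\xa1", "little-endian classic pcap only"
    off = 24                                      # skip the global header
    while off < len(pcap):
        incl = struct.unpack("<I", pcap[off + 8:off + 12])[0]
        ip = pcap[off + 16 + 14:off + 16 + incl]  # skip record + Ethernet headers
        ethertype = pcap[off + 28:off + 30]
        off += 16 + incl
        if ethertype != b"\x08\x00" or ip[9] != 6:  # keep IPv4 + TCP only
            continue
        ihl, total = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
        tcp = ip[ihl:total]
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        yield (socket.inet_ntoa(ip[12:16]), sport, socket.inet_ntoa(ip[16:20]),
               dport, seq, tcp[(tcp[12] >> 4) * 4:])

def follow(pcap, src, sport, dst, dport):
    """Payload of one direction of a conversation, in sequence-number order."""
    segs = {}
    for s, sp, d, dp, seq, data in tcp_segments(pcap):
        if (s, sp, d, dp) == (src, sport, dst, dport) and data:
            segs.setdefault(seq, data)            # first copy wins; drops retransmissions
    return b"".join(segs[k] for k in sorted(segs))  # no wraparound/overlap handling

def _record(src, sport, dst, dport, seq, data):
    """Build one constructed pcap record (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 0x50, 0x18, 8192, 0, 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

def sample_pcap():
    """Constructed SMTP-like capture: segments out of order plus one retransmission."""
    c, s = ("192.0.2.10", 40000, "192.0.2.25", 25), ("192.0.2.25", 25, "192.0.2.10", 40000)
    recs = [_record(*s, 5000, b"220 mail.example ESMTP\r\n"),
            _record(*c, 1000, b"Subject: test\r\n\r\n"),
            _record(*c, 1028, b".\r\n"),
            _record(*c, 1017, b"Hello Bob\r\n"),
            _record(*c, 1017, b"Hello Bob\r\n")]
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(recs)

if __name__ == "__main__":
    print(follow(sample_pcap(), "192.0.2.10", 40000, "192.0.2.25", 25).decode("ascii"))
```

Only unencrypted sessions yield readable text this way; mail sent over TLS shows up as ciphertext in the reassembled payload.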

