This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Extract files from pcap file programatically

0

I want to extract the files such as pdfs, images, javascripts etc. from the pcap file captured using wireshark. I want the protocols such as http, ftp, smtp, pop supported. Please let me know how can i extract the files using code preferably c programming to do the same.

asked 16 Jun '15, 17:11

kruthi's gravatar image

kruthi
11224
accept rate: 0%

edited 17 Jun '15, 08:38

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237

One Answer:

0

Wireshark is able to export objects from a pcap file, but only for HTTP, DICOM and SMB. If you want to know how that works, take a look at the Wireshark source code (Files: export_object*.c).

An alternative are the following tools:

http://www.xplico.org
http://sourceforge.net/projects/networkminer/
https://github.com/caesar0301/awesome-pcaptools#fileextraction
http://isc.sans.edu/diary/Tools+for+extracting+files+from+pcaps/6961
https://code.google.com/p/nfex/

Either use them directly, or take a look at the code to learn from it.

Regards
Kurt

answered 17 Jun '15, 08:38

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 17 Jun '15, 08:38