This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Help to extract PNG from pcap

0

Hey,

I need help to try and extract a file from this pcap, https://www.cloudshark.org/captures/096933d95411 At first I thought there was a PNG in there, and it's got metadata from Photoshop, but I can't see the first hex bytes of a PNG file in the items that Wireshark extracted for me.

In plaintext, I would like help with:

  1. If there is an image in there, can it get extracted? Also I would appreciate some comments/instructions how it can be done as I'm not able to. Got to keep learning!
  2. If no image, what file is it?

Thanks!

asked 03 May '17, 02:35

Suedish's gravatar image

Suedish
6113
accept rate: 0%

edited 03 May '17, 03:42

1

Unless you make the file publicly accessible, we can't assist you.

(03 May '17, 04:30) Jaap ♦

Sorry, new to cloudshark. It should be public now

(03 May '17, 04:32) Suedish

One Answer:

0

The file magic 'ab cd 98 76' lead to a single hit on GitHub (https://github.com/Macuyiko/weiyun-api/blob/master/chunkformat.txt), so it seems a Weiyun API related format. The involved IP address seems to support this observation.

answered 03 May '17, 06:25

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%