How to extract original file from pcap (wireshark)

by Hojung posted Feb 26, 2013

This is how to extract the original file (a .tgz archive) from a pcap that contains the data transferred from server to client.

1. Open the pcap file and find the HTTP stream.
* Content-Length is 80976 bytes

2. Select the server-to-client direction and save the stream as the file test.tgz.

3. Open the file with a binary editor such as Hex Fiend for Mac OS X and remove the HTTP header, including the CRLF x2 at the end.

4. Save the file.

5. Finished. Check the file size (80976 bytes) and untar it, since it's a .tgz.
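The same header-stripping and size check done in code, as an added example that is not part of the original post. It assumes the input is the server-to-client stream saved as raw bytes; the function names and the sample response are constructed for illustration. It also rejects chunked responses, where removing the header alone does not recover the file.

```python
import io
import tarfile

def split_http_response(raw: bytes):
    """Split a saved server-to-client stream into (headers, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")  # header ends at CRLF x2
    if not sep:
        raise ValueError("no CRLF CRLF found: HTTP header is incomplete")
    lines = head.decode("iso-8859-1").split("\r\n")
    if not lines[0].startswith("HTTP/"):
        raise ValueError("stream does not start with an HTTP status line")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body

def extract_body(raw: bytes) -> bytes:
    """Return exactly Content-Length bytes of body, or raise ValueError."""
    headers, body = split_http_response(raw)
    if "chunked" in headers.get("transfer-encoding", "").lower():
        raise ValueError("chunked body: stripping the header is not enough")
    if "content-length" not in headers:
        raise ValueError("no Content-Length header to verify against")
    expected = int(headers["content-length"])
    if len(body) < expected:
        raise ValueError(f"truncated: got {len(body)} of {expected} bytes")
    return body[:expected]  # ignore any later response in the same stream

def list_tgz(data: bytes):
    """List archive members without extracting anything to disk."""
    if data[:2] != b"\x1f\x8b":
        raise ValueError("body is not gzip data")
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        return tar.getnames()

def build_sample() -> bytes:
    """Constructed sample: a small .tgz behind a minimal HTTP response."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        payload = b"hello from the capture\n"
        info = tarfile.TarInfo("notes.txt")
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    tgz = buf.getvalue()
    return (b"HTTP/1.1 200 OK\r\nContent-Type: application/x-gzip\r\n"
            b"Content-Length: " + str(len(tgz)).encode() + b"\r\n\r\n" + tgz)

if __name__ == "__main__":
    body = extract_body(build_sample())
    print(len(body), list_tgz(body))
```

Listing the members before extracting lets you inspect paths inside an archive recovered from untrusted traffic.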
