baharambang dengan pcap
extracting a file from a pcap file.
what i did: i ran wireshark and downloaded makan.pdf. all the packets were captured and stored by wireshark. i saved the captured packets as makan.pcap.
what i want to try to do is extract makan.pdf from that pcap file.
if you want to try, get the pcap file here.
1- open the file with wireshark.
2- find the “suitable” packet. in this case, i chose GET /makan.pdf as that is what i want. it might differ if you have a bigger file. in this case, makan.pdf is small. i don’t know; if you know, let me know too.
right click on that frame, and follow tcp stream.
3- a new window appeared. i clicked save as.
4- i saved it as makan_x.pdf
5- the saved file seems to work perfectly. it can be opened. i got makan.pdf, and i can read the content.
i’m done with my try. do share yours
is this the right way? i would like to know the easier way. can i? what if the file is being sent/received via dcc in IRC or ftp or netcat?
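The Wireshark steps above (pick the GET /makan.pdf request, follow its TCP stream, save the payload) can also be scripted. The following is an added example, not part of the original post: it assumes a classic libpcap file captured on Ethernet over IPv4, an unchunked response, and that the GET is the first request on its connection; the function names are illustrative.

```python
import hashlib, struct, sys

def tcp_segments(pcap):
    """Yield (src_ip, src_port, dst_ip, dst_port, seq, payload) per IPv4/TCP frame."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic (non-pcapng) Ethernet capture")
    off = 24                                          # skip the global header
    while off + 16 <= len(pcap):
        incl = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                  # not IPv4 carrying TCP
        ip = frame[14:14 + struct.unpack("!H", frame[16:18])[0]]  # drops Ethernet padding
        tcp = ip[(frame[14] & 0x0F) * 4:]
        if len(tcp) < 20:
            continue                                  # truncated by the snap length
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        yield ip[12:16], sport, ip[16:20], dport, seq, tcp[(tcp[12] >> 4) * 4:]

def extract_http_body(pcap, path):
    """Return the body of the response to 'GET <path>', rebuilt from TCP segments."""
    segs = list(tcp_segments(pcap))
    req = next((s for s in segs if s[5].startswith(b"GET " + path + b" ")), None)
    if req is None:
        raise LookupError("no GET request for that path in the capture")
    reply = (req[2], req[3], req[0], req[1])          # same connection, server to client
    data = sorted((s[4], s[5]) for s in segs if s[:4] == reply and s[5])
    stream, nxt = b"", data[0][0] if data else 0
    for seq, payload in data:                         # sequence wrap-around is not handled
        if seq > nxt:
            raise ValueError("capture is missing %d bytes of the stream" % (seq - nxt))
        stream += payload[nxt - seq:]                 # skip retransmitted bytes
        nxt = max(nxt, seq + len(payload))
    head, sep, body = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no complete HTTP response header found")
    fields = dict(h.lower().split(b":", 1) for h in head.split(b"\r\n")[1:] if b":" in h)
    if b"chunked" in fields.get(b"transfer-encoding", b""):
        raise ValueError("chunked responses are not handled here")
    want = int(fields.get(b"content-length", len(body)))
    if len(body) < want:
        raise ValueError("body is shorter than Content-Length")
    return body[:want]

if __name__ == "__main__" and len(sys.argv) == 4:     # usage: script.py in.pcap /path out
    out = extract_http_body(open(sys.argv[1], "rb").read(), sys.argv[2].encode())
    open(sys.argv[3], "wb").write(out)
    print(len(out), "bytes written, sha256", hashlib.sha256(out).hexdigest())
```

Comparing the printed SHA-256 with the hash of the original makan.pdf confirms that the recovered file is byte-identical, which opening it in a PDF reader does not prove.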
3 Comments
By kacak, December 3, 2009 @ 11:59 pm
there are tools that extract straight off the wire if you want to extract while sniffing
try taking a look at tcpxtract
By aalim, December 4, 2009 @ 9:01 am
thanks kacak~
By salawank, December 7, 2009 @ 10:44 pm
Thanks for sharing.. that's probably right, hehe.. wow, tcpxtract