Reputation: 33
View Contents of docx, pdf and text files obtained in Wireshark through PCAP file
So, I have got a pcap file which I opened with Wireshark tool. Now, there are 4 files I can find through the HTTP filter: 1. A docx file 2. A pdf file 3. A txt file 4. PNG file
I extracted the PNG image file by the following :
Right click on the packet -> follow -> Using TCP -> Converted the file from ASCII to raw -> Searched for 'FFD8' and 'FFD9 and copy pasted the raw network text to HxD Hex editor and saved it as PNG.
I don't know how to view the contents of the rest. I am using a Windows 10 system. Any help would be appreciated.
Thank you in advance.
Upvotes: 1
Views: 12243
Answers (1)
Reputation: 3186
Wireshark has the ability to export files from HTTP. On Macos & Windows, you can find this in the GUI as
File > Export Objects > HTTP
You can find more information about this in the Wireshark Guide at https://www.wireshark.org/docs/wsug_html_chunked/ChIOExportSection.html#ChIOExportObjectsDialog
You can also do this with tshark with tshark --export-objects http,$dest_dir. tshark.dev has an article on using this here.
Upvotes: 2
Related Questions
- How to read pcapng (wireshark) files in Python?
- wireshark doesn't display packets from pcap file
- Find data transfered by wireshark on pcap file
- How can I sniff packet with Wireshark
- convert txt packet data to pcap format to open it by Wireshark
- Wireshark Traffic Analysis for File type
- Is there a way to view wireshark .pcap files in Fiddler?
- Opening .pkt (Omnipeek capture) file in C
- Getting particular information out of pcap files
- How to View source page using Wireshark?