J.Olufsen
Reputation: 13915
How to reassemble a wireshark packets to original file sent?
How to reassemble a set of UDP packets to a file sent, in my case it is an image? How to extract data and save as an image? What is some packets was damaged?
Upvotes: 1
Views: 7520
Answers (1)
rupello
Reputation: 8511
- Right-click on one of the UDP packets and select Follow UDP Stream
- In the stream content dialog use Save As.. to save the raw payload data for the stream
- You may need to use a binary file editor to remove extra data (eg data sent in the opposite direction or signalling messages) - alternatively, filter these out before step 1 and save in a seperate file
- If you have missing payload data you will need to repair the image somehow. There are lots of apps available that will do this for standard image formats
Upvotes: 4
Related Questions
- How to replay Wireshark captured packets?
- How to separate data from different files in a single TCP packet?
- How to dissect UDP msgpack using Wireshark/tshark?
- Strange Wireshark behaviour (A single packet labeled both TCP and UDP)
- Is there a way to save a reassembled TCP in Wireshark
- how do I reassemble TCP packet in LUA dissector?
- How to re-dissect the selected packet in wireshark?
- Reassembling packets in a Lua Wireshark Dissector
- How to put back udp packet in the receivebuffer
- Wireshark Plugin: Dissecting Payloads With Multiple Packets Per UDP Frame