Wireshark-users: Re: [Wireshark-users] Save the bytes of a particular field from all the displaye
On Wed, Feb 07, 2007 at 01:54:48PM -0600, Frank Bulk wrote:
> Anyone reading the last few weeks of postings should be detecting a
> recurring theme...people want to extract images and audio with the
> correct file headers and names from packet streams that may or may not
> be contiguous.
I have committed an initial version of a content listing/saving feature
for the HTTP protocol. I would appreciate if anyone could try it out
and give feedback on the implementation and if they can think of a
better top-level menu to put it under (View perhaps?). Support for
other protocols may come in the future.
It is currently available in the latest developer versions under
Statistics -> Content List -> HTTP. You can view/save the list of
content after a capture file is loaded or with real-time updates as a
capture is running. You can download the Windows developer version or
Windows/Unix source code below. PLEASE NOTE: These are developer
versions that you should use with caution - they may have bugs or
unfinished features in them still. It will overwrite your installed
version of Wireshark, but will retain your preferences. You can usually
uninstall the developer version and re-install a release without losing
anything.
Windows:
http://downloads.wireshark.org/download/automated/win32/
Windows/Unix source code:
http://downloads.wireshark.org/download/automated/src/
(Pick a filename with 20880 or higher in the name)
Thanks,
Steve
