TCP flow extraction

front-end · unresolved · 5 · 759
Asked by 长发绾君心, 2021-01-02 23:02

I need to extract TCP flows with their content from a dump file and then save each flow separately into another file.

5 answers
  •  慢半拍i (original poster)
     2021-01-02 23:28

    If you're only doing a few, Wireshark can do this.

    Steps:

    1. Open up the capture in Wireshark.
    2. Click on a packet from the TCP connection you're interested in
    3. Analyze -> Follow TCP Stream
    4. Click 'Raw'
    5. Select (from the popup menu) one of 'Entire Conversation' or one of the two directions.
    6. Click 'Save As'

    Alternate steps, for HTTP only:

    1. Open up the capture
    2. Select File -> Export -> Objects -> HTTP
    3. A dialog will open showing all the HTTP objects in the capture. You can save some or all of them.

    This is with Wireshark 1.2.1 on Linux/GTK. The 'Follow TCP Stream' option has been moved around between versions, so it may be somewhere else if you have an older version. But it's always been called Follow TCP Stream, so you should be able to find it.

    Quick searching also reveals several other options if Wireshark doesn't work for you: ngrep, tcpick, chaosreader, and tcpflow.
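The same job done programmatically, as an added example that is not from the original thread or any of the tools it names: a pure-Python pcap reader that groups TCP payload by unidirectional 4-tuple (the equivalent of picking "one of the two directions" in Wireshark's Follow TCP Stream), reassembles each direction in sequence order, and writes every flow to its own file. It assumes a classic little-endian pcap with Ethernet framing and IPv4; the sample capture is constructed inline with `build_frame`/`build_pcap` (helper names chosen here, not a real library API), and it includes an out-of-order segment plus a retransmission so the overlap handling is exercised.

```python
"""Reassemble TCP flows from a pcap and write each one to a separate file."""
import os
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4      # classic (non-pcapng) little-endian pcap
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def parse_pcap(data):
    """Yield (timestamp, frame_bytes) for each record of a classic pcap file."""
    magic, _vmaj, _vmin, _tz, _sig, _snap, linktype = struct.unpack("<IHHiIII", data[:24])
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap (pcapng is not handled here)")
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type is handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack("<IIII", data[off:off + 16])
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def parse_tcp_segment(frame):
    """Return (src, sport, dst, dport, seq, payload), or None for non-TCP frames."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != IPPROTO_TCP or len(ip) < ihl + 20:
        return None
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:total_len]          # trust the IP total length, drop Ethernet padding
    if len(tcp) < 20:
        return None
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    doff = (tcp[12] >> 4) * 4        # TCP header length incl. options
    return src, sport, dst, dport, seq, tcp[doff:]


def extract_flows(pcap_bytes):
    """Map each unidirectional (src, sport, dst, dport) to its reassembled payload.

    Segments are sorted by sequence number; a retransmitted or overlapping
    segment contributes only the bytes not already reassembled, and a gap
    (segment missing from the capture) is zero-filled so later offsets stay
    correct.  32-bit sequence wrap-around is not handled in this example.
    """
    segments = defaultdict(list)
    for _ts, frame in parse_pcap(pcap_bytes):
        seg = parse_tcp_segment(frame)
        if seg is None or not seg[5]:        # skip non-TCP and empty (pure ACK/SYN) segments
            continue
        src, sport, dst, dport, seq, payload = seg
        segments[(src, sport, dst, dport)].append((seq, payload))
    flows = {}
    for key, segs in segments.items():
        segs.sort(key=lambda s: s[0])
        base = segs[0][0]
        buf = bytearray()
        for seq, payload in segs:
            rel = seq - base
            if rel < len(buf):                       # overlap / retransmission
                payload = payload[len(buf) - rel:]
            elif rel > len(buf):                     # hole in the capture
                buf.extend(b"\x00" * (rel - len(buf)))
            buf.extend(payload)
        flows[key] = bytes(buf)
    return flows


def flow_filename(key):
    """One file per direction, e.g. 10.0.0.1_40000-10.0.0.2_80.bin."""
    src, sport, dst, dport = key
    return f"{src}_{sport}-{dst}_{dport}.bin"


def write_flows(flows, outdir):
    """Write every flow to outdir; returns the paths written."""
    os.makedirs(outdir, exist_ok=True)
    paths = []
    for key, data in flows.items():
        path = os.path.join(outdir, flow_filename(key))
        with open(path, "wb") as fh:
            fh.write(data)
        paths.append(path)
    return paths


def build_frame(src, sport, dst, dport, seq, payload):
    """Construct a minimal Ethernet/IPv4/TCP frame for test data (checksums zeroed)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, IPPROTO_TCP, 0,
                     bytes(int(x) for x in src.split(".")),
                     bytes(int(x) for x in dst.split("."))) + tcp
    return b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4) + ip


def build_pcap(frames):
    """Wrap frames in a classic pcap global header plus per-record headers."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1609599720 + i, 0, len(frame), len(frame)) + frame
    return out


# Constructed sample capture: request arrives out of order and is partly retransmitted.
SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.1", 40000, "10.0.0.2", 80, 1016, b"Host: a\r\n\r\n"),
    build_frame("10.0.0.1", 40000, "10.0.0.2", 80, 1000, b"GET / HTTP/1.0\r\n"),
    build_frame("10.0.0.1", 40000, "10.0.0.2", 80, 1000, b"GET / HTTP/1.0\r\n"),  # retransmit
    build_frame("10.0.0.2", 80, "10.0.0.1", 40000, 5000, b"HTTP/1.0 200 OK\r\n\r\nhello"),
])

if __name__ == "__main__":
    for path in write_flows(extract_flows(SAMPLE_PCAP), "flows"):
        print("wrote", path)
```

Run it against a real file by replacing `SAMPLE_PCAP` with `open("capture.pcap", "rb").read()`; captures saved by Wireshark as pcapng need converting first (Wireshark's Save As offers classic pcap). Keeping the two directions in separate files is the right default for inspection, since interleaving them by arrival time, as "Entire Conversation" does, can put a retransmitted request after the response it triggered.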
