Hello My Friends, I need to extract TCP Flows with their content from dump file and then save their flow into other file each flow separately, does any one know a tool for processing this?
I really appreciate for any Help
Hanieh Rajabi.
+1
A:
Wire shark maybe? It can be used to filter sessions and I think you can then save them seperatly.
Cellfish
2009-09-06 06:57:47
+4
A:
If you're only doing a few, Wireshark can do this.
Steps:
- Open up the capture in Wireshark.
- Click on a packet from the TCP connection you're interested in
- Analyze -> Follow TCP Stream
- Click 'Raw'
- Select (from the popup menu) one of 'Entire Conversation' or one of the two directions.
- Click 'Save As'
Alternate steps, for HTTP only:
- Open up the capture
- Select File -> Export -> Objects -> HTTP
- A dialog will open showing all the HTTP objects in the capture. You can save some or all of them.
This is with Wireshark 1.2.1 on Linux/GTK. The 'follow TCP stream' option has been moved around between versions, so it may be somewhere else if you have an older version. But its always been called Follow TCP Stream so you should be able to find it.
Quick searching also reveals several other options if Wireshark doesn't work for you: ngrep, tcpick, chaosreader, and tcpflow.
derobert
2009-09-06 06:57:47
A:
Thanks All Dear, since I am processing so many dump files,I need a tool to do saving automatically not manually way and, The problem of using tcpick and tcpflow is I am not sure whether they can open the dump file or they can just do sniffing themself and then save the dump file.
I'm really appreciated with Regards, Hanieh
Thanks All Dear, since I am processing so many dump files,I need a tool to do saving automatically not manually way and, The problem of using tcpick and tcpflow is I am not sure whether they can open the dump file or they can just do sniffing themself and then save the dump file.I'm really appreciated with Regards, Hanieh
2009-09-07 07:21:57