<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content=text/html;charset=gb2312>
<META content="MSHTML 6.00.2900.5726" name=GENERATOR></HEAD>
<BODY id=MailContainerBody
style="PADDING-RIGHT: 10px; PADDING-LEFT: 10px; PADDING-TOP: 15px" leftMargin=0
topMargin=0 CanvasTabStop="true" name="Compose message area">
<DIV><FONT face=Calibri>BTW I found WinDump. It really has too many features.
There are so many that I can't even know whether it can do what I need. Does
anyone know how I can dump, say, bytes sent/received at TCP port 1234 to a
binary file?</FONT></DIV>
<DIV style="FONT: 10pt Tahoma">
<DIV><BR></DIV>
<DIV style="BACKGROUND: #f5f5f5">
<DIV style="font-color: black"><B>From:</B> <A title=vic_st@hotmail.com
href="mailto:vic_st@hotmail.com">vic_st@hotmail.com</A> </DIV>
<DIV><B>Sent:</B> Monday, August 16, 2010 10:41 AM</DIV>
<DIV><B>To:</B> <A title=winpcap-users@winpcap.org
href="mailto:winpcap-users@winpcap.org">ML-PCap</A> </DIV>
<DIV><B>Subject:</B> Can I capture TCP payloads at a specific port into a binary
file?</DIV></DIV></DIV>
<DIV><BR></DIV>
<DIV><FONT face=Calibri>
<DIV><FONT face=Calibri>I'm wondering if it's technically doable to capture
payloads at a TCP port into a binary file.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Calibri>E.g., we've established a connection at A(1234), B(5678).
And during some period the packets are:</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Calibri><BR>A(1234)->B(5678): [1, 2,
3]<BR>B(5678)->A(1234): [8, 8, 8]<BR>A(1234)->B(5678): [4, 5,
6]<BR>B(5678)->A(1234): [9, 9, 9]<BR>A(1234)->B(5678): [7, 8,
9]<BR>B(5678)->A(1234): [10, 10, 10]</FONT></DIV>
<DIV><FONT face=Calibri></FONT> </DIV>
<DIV><FONT face=Calibri>What I wanna do is to capture all payload
bytes of TCP into some binary file, say, A_to_B.bin, that has the following
content:</FONT></DIV>
<DIV><FONT face=Calibri>[1, 2, 3, 4, 5, 6, 7, 8, 9].</FONT></DIV>
<DIV><FONT face=Calibri></FONT> </DIV>
<DIV><FONT face=Calibri>Is it possible to do this with Wireshark? If it's not,
is there any other way to help me do this? Or do I need to write some code with
WinPCap to do this?</FONT></DIV>
<DIV><FONT face=Calibri></FONT> </DIV>
<DIV><FONT face=Calibri>Best Regards</FONT></DIV>
<DIV><FONT face=Calibri>Tactoth</FONT></DIV></FONT></DIV></BODY></HTML>