[Winpcap-users] Can I capture TCP payloads at a specific port into a binary file?

vic_st at hotmail.com vic_st at hotmail.com
Mon Aug 16 05:05:25 PDT 2010


It seems not to be working as expected; additional information is included. I've managed to do that with Wireshark. Wireshark can dump a TCP stream in a "conversation" to a binary file, a C array, or a text representation.

And thank you all the same :)

--------------------------------------------------
From: "Black, Michael (IS)" <Michael.Black2 at ngc.com>
Sent: Monday, August 16, 2010 7:46 PM
To: <winpcap-users at winpcap.org>
Subject: Re: [Winpcap-users] Can I capture TCP payloads at a specific port into a binary file?

> windump -w port1234.tcp tcp port 1234
> 
> Michael D. Black
> Senior Scientist
> Advanced Analytics Directorate
> Northrop Grumman Information Systems
> 
> 
> ________________________________
> 
> From: winpcap-users-bounces at winpcap.org on behalf of vic_st at hotmail.com
> Sent: Sun 8/15/2010 9:45 PM
> To: ML-PCap
> Subject: EXTERNAL:Re: [Winpcap-users] Can I capture TCP payloads at a specific port into a binary file?
> 
> 
> BTW I found WinDump. It really has too many features. There are so many that I can't even know whether it can do what I need. Does anyone know how I can dump, say, bytes sent/received at TCP port 1234 to a binary file?
> 
> From: vic_st at hotmail.com 
> Sent: Monday, August 16, 2010 10:41 AM
> To: ML-PCap <mailto:winpcap-users at winpcap.org>  
> Subject: Can I capture TCP payloads at a specific port into a binary file?
> 
> I'm wondering if it's technically doable to capture payloads at a TCP port into a binary file.
> 
> E.g., we've established a connection at A(1234), B(5678). And during some period the packets are:
> 
> 
> A(1234)->B(5678): [1, 2, 3]
> B(5678)->A(1234): [8, 8, 8]
> A(1234)->B(5678): [4, 5, 6]
> B(5678)->A(1234): [9, 9, 9]
> A(1234)->B(5678): [7, 8, 9]
> B(5678)->A(1234): [10, 10, 10]
> 
> What I wanna do is to capture all payload bytes of TCP into some binary file, say, A_to_B.bin, that has the following content:
> [1, 2, 3, 4, 5, 6, 7, 8, 9].
> 
> Is it possible to do this with Wireshark? If it's not, is there any other way to help me do this? Or do I need to write some code with WinPCap to do this?
> 
> Best Regards
> Tactoth
>
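
The `windump -w` command quoted above saves whole packets in pcap format, headers included, not the bare payload stream the original question asks for. The sketch below is an added example, not code from anyone in this thread: it reads such a capture and returns only the payload bytes for one direction, ordered by TCP sequence number with exact retransmissions dropped. It assumes a classic microsecond pcap of Ethernet/IPv4 traffic, a single connection on the port pair, no IP fragmentation and no sequence-number wraparound; `tcp_payloads`, `_frame` and `sample_pcap` are hypothetical names, and the sample capture is constructed.

```python
import struct

def tcp_payloads(pcap: bytes, sport: int, dport: int) -> bytes:
    """Payload bytes sent sport -> dport, in sequence order (classic pcap, Ethernet/IPv4)."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic (microsecond) pcap file")
    end = "<" if magic == 0xA1B2C3D4 else ">"
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    segments, off = {}, 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4 carrying TCP
        ihl = (frame[14] & 0x0F) * 4
        total_len = struct.unpack("!H", frame[16:18])[0]
        tcp = frame[14 + ihl:14 + total_len]  # slicing by IP length drops Ethernet padding
        if len(tcp) < 20:
            continue
        sp, dp, seq = struct.unpack("!HHI", tcp[:8])
        data = tcp[(tcp[12] >> 4) * 4:]
        if (sp, dp) == (sport, dport) and data:
            segments.setdefault(seq, data)  # a retransmission repeats seq: keep first copy
    return b"".join(segments[s] for s in sorted(segments))

def _frame(sport, dport, seq, data):
    """Constructed Ethernet/IPv4/TCP frame (zero MACs and checksums) for the sample."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 8192, 0, 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def sample_pcap() -> bytes:
    """Constructed capture: the thread's A(1234)/B(5678) exchange, reordered, one retransmit."""
    packets = [(1234, 5678, 100, bytes([1, 2, 3])), (5678, 1234, 500, bytes([8, 8, 8])),
               (1234, 5678, 106, bytes([7, 8, 9])),  # arrives before seq 103
               (1234, 5678, 103, bytes([4, 5, 6])),
               (1234, 5678, 103, bytes([4, 5, 6]))]  # retransmission
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for p in packets:
        f = _frame(*p)
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

To produce the `A_to_B.bin` file from the question, write the result of `tcp_payloads(open("port1234.tcp", "rb").read(), 1234, 5678)` to a file opened in `"wb"` mode.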


