Re: Packet Capture Rebuilding Utility

[Justin Smith <phreenet () gmail com>]

On Tue, Jan 27, 2009 at 6:59 PM, Felonious Fish <feloniousfish () gmail com> wrote:
> Greetings all -
>
> I have recently been banging my head against the wall in search of an
> Open Source tool that can take Wireshark capture (e.g. http) and
> rebuild them into a website.  The purpose of this request is to add
> value within my deliverable reports.   Instead of showing a just one
> packet from a website, I believe it would be a greater impact to show
> the complete page that was sniffed.
>
> Much appreciated
> FF

Does the stream rebuilding inside Wireshark not provide enough of that
for you? If you know the website and/or the client that you have
gathered capture data from you can just create a filter to include
just those two nodes and HTTP packets only.  Then go to
Analyze->Follow TCP Stream and it should rebuild the entire
conversation between those two nodes from any packet.