Penetration Testing mailing list archives
Re: Packet Capture Rebuilding Utility
From: Justin Smith <phreenet () gmail com>
Date: Wed, 28 Jan 2009 06:42:45 +0300
On Tue, Jan 27, 2009 at 6:59 PM, Felonious Fish <feloniousfish () gmail com> wrote:
Greetings all - I have recently been banging my head against the wall in search of an Open Source tool that can take Wireshark capture (e.g. http) and rebuild them into a website. The purpose of this request is to add value within my deliverable reports. Instead of showing a just one packet from a website, I believe it would be a greater impact to show the complete page that was sniffed. Much appreciated FF
Does the stream rebuilding inside Wireshark not provide enough of that for you? If you know the website and/or the client that you have gathered capture data from you can just create a filter to include just those two nodes and HTTP packets only. Then go to Analyze->Follow TCP Stream and it should rebuild the entire conversation between those two nodes from any packet.
Current thread:
- Packet Capture Rebuilding Utility Felonious Fish (Jan 27)
- Re: Packet Capture Rebuilding Utility Justin Smith (Jan 28)
- Re: Packet Capture Rebuilding Utility Rogan Dawes (Jan 28)
- Re: Packet Capture Rebuilding Utility Chris Brenton (Jan 28)
- Re: Packet Capture Rebuilding Utility Hermann Arens (Jan 28)
- Re: Packet Capture Rebuilding Utility Eric Kollmann (Jan 28)
- Re: Packet Capture Rebuilding Utility Justin Smith (Jan 28)