Ethereal

Re: [Ethereal-users] ftp-data
Google
 
Web Ethereal.com

Home | Introduction | Documentation | Lists | FAQ | Development | Wiki | Bugs

Main Index | Thread Index | Mailing Lists | | Date Prev | Date Next | Thread Prev | Thread Next

Ethereal-users: November 2003

 


On Nov 3, 2003, at 4:47 AM, Giorgio Mulas wrote:

Then I apply the filter ftp-data and save the packets. I think the packets are now in ASCII.

If you used the "Save As..." menu item, they're not in ASCII, they're in some packet capture file format, probably libpcap format. That format contains link-layer headers, and headers above it, such as IP and TCP headers.

It also contains TCP packets in the reverse direction, such as the initial and final 3-way handshake, as well as ACKs.

You *might* be able to get just the data if you select one of the ftp-data packes, use the "Follow TCP Stream" menu item from the "Tools" menu, and use the "Save As" button in the "Contents of TCP stream" window.

Powered by MHonArc 2.6.10

Please send support questions about Ethereal to the ethereal-users[AT]ethereal.com mailing list.
For corrections/additions/suggestions for this web page (and not Ethereal support questions), please send email to ethereal-web[AT]ethereal.com.
Last modified: Fri, November 10 2006.
"Ethereal" and the "e" logo are registered trademarks of Ethereal, Inc.