Re: Re: Reconstructing a file from a packet dump

I tried something like that, and it would seem that ethereal barfed because the file was too large for its likes. The iso that I'm trying to reconstruct is ~200M. As a sanity check, I sent a small jpeg over HTTP (just a few K), used the "Follow TCP Stream" functionality in Ethereal, and the wrote a Perl script to strip the headers off the top of the file. The jpeg image came out looking fine. When I say that ethereal "barfed" in the former case, what I mean is that for some reason it exported a file that was only 2.5M in size when it ought to have been 100x larger. I wonder if I've bumped up against a buffer size for ethereal... I'll look into using tcpflow to successfully perform exportation. Thanks.

Comment on Re: Re: Reconstructing a file from a packet dump

Replies are listed 'Best First'.
Re: Re: Re: Reconstructing a file from a packet dump by traveler (Parson) on Mar 29, 2004 at 19:02 UTC
I am one of the developers of Ethereal. Would it be alright for me to forward the basic details to the Ethereal developers' list?	[reply]
Re: Re: Re: Re: Reconstructing a file from a packet dump by skyknight (Hermit) on Apr 12, 2004 at 16:04 UTC
You may certainly do so, if you haven't done so already. I'm sorry that I did not reply sooner. I haven't looked at Perlmonks a whole lot recently as I've been pretty busy with coursework and such.	[reply]