extract files from pcap files

Help
2008-02-12
2013-04-29
  • Hi, is it possible to import a pcap file and analyse it? How do I extract a file from pcap files? When I open the pcap file I just get a list of packets, but I cannot work with them.

     
    • Erik Hjelmvik
      2008-02-15

      I am not really sure what you would like to do with the PCAP file, could you please give some more details?

      The PCAP file is automatically analysed when you open it up with NetworkMiner. So transferred files which are detected by NetworkMiner will be reassembled and stored to disk right when you open the PCAP file. Look under the "Files" tab to see if your captured file transfer has been extracted. The first column in the Files tab will show you where the extracted file has been stored.

      The latest version (v0.82) supports extraction and reconstruction of files sent using the following protocols: HTTP, SMB / CIFS and TFTP. Please add a feature request if you would like to extract files from some other protocol.

       
    • Sherif Eldeeb
      2008-04-20

      First of all, thank you for your well-coded program.
      But unfortunately I think it's not always doing what it's supposed to do: while it correctly reconstructed an SMBed exe file ("amazing!"), it didn't detect any HTTP images at all, neither by opening a pcap file nor using the built-in sniffer ("I tried SOCKET and WinPcap").
      But again, well done :) and good luck with enhancing it. I've always been trying to find a Windows version of "driftnet" but couldn't, till your name gave me hope.

       
      • Erik Hjelmvik
        2008-04-20

        I would be happy to get a PCAP file with images which NetworkMiner doesn't extract properly, so that I can improve the image extracting functionality. Please send your PCAP file to: "hjelmvik [at] users [dot] sourceforge [dot] net", and I'll make sure the next version of NetworkMiner is able to extract your images!