I have a pcap network dump that has an MPEG-1 stream inside and I would like to play the mpeg stream. So far I've tried playing through the RTP analyzer but that plays without any sound. I've also tried to save the stream as a .mpg file but that can't be played either.
2 Answers
In Wireshark, if the file was simply an MPEG stream (maybe an MPEG file coming down in parts as .ts etc...). But if so, you can recombine .ts files with ffmpeg ;)
File/Export Objects/HTTP/{whatever file you are looking for}/Save As.
Can get a lot more than mpeg this way!
https://shankaraman.wordpress.com/2013/06/06/reconstructing-files-from-wireshark-packets/
Wireshark has tons of protocol dissectors, I even contributed to some of them waaaaay back in the days it was Ethereal. ;)
As suggested by the other answer though, Network Miner is indeed a good tool; Wireshark is just WAY more powerful/flexible, and both are worth learning if you have time.
Wireshark in fact may be one of the more substantially useful pieces of free software in the world today. You can make a career out of learning it.
Network Miner can extract files, images, etc. from pcap files or from a live capture.
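For the RTP case in the question, an added example (not from either answer) that goes beyond the HTTP export described above: it pulls the MPEG payloads out of RTP packets in a classic pcap and orders them by sequence number, so the output can be handed to ffmpeg or a player. It assumes Ethernet/IPv4/UDP framing, the static RFC 3551 payload types 14, 32 and 33, and RFC 2250 payload headers; the function names and the sample capture are constructed for illustration.

```python
import struct

# Static RTP payload types (RFC 3551) -> RFC 2250 payload-header bytes to strip.
MPEG_PT = {14: 4, 32: 4, 33: 0}  # MPA audio, MPV video (MPEG-1), MP2T

def rtp_mpeg_payloads(pcap: bytes, want_pt: int) -> bytes:
    """MPEG bytes of one RTP payload type, ordered by sequence number.
    Assumes classic pcap, Ethernet/IPv4/UDP and one stream of that type."""
    strip = MPEG_PT[want_pt]                      # KeyError for other types
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("need a classic pcap with Ethernet link type")
    chunks, off, ext = {}, 24, None
    while off + 16 <= len(pcap):
        incl = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                              # not IPv4/UDP
        udp = 14 + (frame[14] & 0x0F) * 4         # IP header length incl. options
        # Slice by the UDP length field so Ethernet padding is not included.
        rtp = frame[udp + 8:udp + int.from_bytes(frame[udp + 4:udp + 6], "big")]
        if len(rtp) < 12 or rtp[0] >> 6 != 2 or rtp[1] & 0x7F != want_pt:
            continue                              # not RTP v2 or another type
        hdr = 12 + 4 * (rtp[0] & 0x0F)            # fixed header + CSRC list
        if rtp[0] & 0x10:                         # header extension present
            hdr += 4 + 4 * int.from_bytes(rtp[hdr + 2:hdr + 4], "big")
        end = max(0, len(rtp) - (rtp[-1] if rtp[0] & 0x20 else 0))  # RTP padding
        seq = int.from_bytes(rtp[2:4], "big")
        # Extend the 16-bit sequence number so wrap-around and reordering sort right.
        ext = seq if ext is None else ext + ((seq - ext + 32768) % 65536 - 32768)
        chunks.setdefault(ext, rtp[hdr + strip:end])   # first copy of a duplicate wins
    return b"".join(chunks[k] for k in sorted(chunks))

def sample_pcap() -> bytes:
    """Constructed capture: three MP2T RTP packets, stored out of order."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for seq, fill in ((65535, 0x11), (1, 0x33), (0, 0x22)):
        ts_pkt = b"\x47" + bytes([fill]) * 187    # one 188-byte TS packet
        rtp = struct.pack(">BBHII", 0x80, 33, seq, 0, 0xDEADBEEF) + ts_pkt
        udp = struct.pack(">HHHH", 5004, 5004, 8 + len(rtp), 0) + rtp
        ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17,
                         0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + udp
        frame = bytes(12) + b"\x08\x00" + ip
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out
```

With RFC 2250 elementary-stream encapsulation, audio (type 14) and video (type 32) travel as separate RTP streams, so each is extracted into its own file.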