[prev in list] [next in list] [prev in thread] [next in thread] 

List:       wireshark-users
Subject:    Re: [Wireshark-users] How can I tell if there is a JPG image in
From:       "j.snelders" <j.snelders () telfort ! nl>
Date:       2009-09-24 18:48:14
Message-ID: 4A542FF20003E192 () mail-4-nl ! mail ! tiscali ! sys
[Download RAW message or body]

Hi Andrew,

Look for the file signatures:
http://www.garykessler.net/library/file_sigs.html

Open the capture file.
Go to Edit -> Find Packet
Select Hex value: FF D8 FF E0
Find


Open the capture file with a hex editor to extract the image:
HxD - Freeware Hex Editor and Disk Editor
http://mh-nexus.de/en/hxd/

Search -> Find 
Search for: FF D8 FF E0
Datatype: Hex-values
Write down the Offset

Next search for the trailer: FF D9
Datatype: Hex-values

Select the hex-values from  FF D8 FF E0  to  FF D9
Copy & paste and save this to a separate file.
Close the hex editor and open the file with a viewer.

HTH
Joan

>From: "Andrew Lee" <andrew@whitneyassociates.co.uk>
Wed, 23 Sep 2009 10:52:55 +0100 Andrew Lee wrote:

>Hi 
>
>I have a trace file which I think contains a JPG image (the trace is NOT
>from an HTTP conversation). Is there a way to determine if the trace
>contains an image and can I extract out the image?
>
>Best regards
>
>Andrew


       


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@wireshark.org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@wireshark.org?subject=unsubscribe
[prev in list] [next in list] [prev in thread] [next in thread]