Wireshark – Extract Video from Capture File


Wireshark is one of my favorite tools because it is extremely powerful but not too complicated to use. Most of the time I use Wireshark simply to analyze network traffic at work, but today I will show you one of its lesser-known features: extracting videos from capture files. While this feature might be quite useless at work, it might be useful for you at home. (The same steps can be performed to retrieve any kind of file, so it could be useful at work too.)

Enough small talk for now, let's get down to business 🙂

Install Wireshark on your computer

The first step is to install Wireshark on your computer since we will need it to capture your network traffic and save it to a capture file. You can download Wireshark from here.

Run Wireshark

Now run Wireshark.

Start Capture

To start a capture, go to Capture and click on Interfaces…

Now choose the network interface whose traffic you want to capture. I chose my Wireless Network Connection. After you have selected your network interface, click on Options.

Now all you need to do is to select a file where you want to store your network traffic capture. I stored my network traffic capture in the file “C:\test_capture”.

Now you are ready to start your capture. Click on Start.

Watch a video online

Now that your capture is running, start the video stream you want to capture. For example: watch a video on WatchOP or on any other website you know.

Important: It is very important that you start the Wireshark network capture before you start the video stream. Otherwise you will not be able to extract the video later.

When the video has finished playing you can stop the capture.

Extract the video

Now go to File -> Export Objects and click on HTTP.

Now search for the Content Type video.

After you have found your video, select it and click on Save As. As you can see in the screenshot above, my video is of the file type mp4, so I will save it as an mp4 video file.
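The object list is searched by Content Type, and that value, together with the length of the body, sits in the HTTP response headers at the very start of the transfer, which is why the capture has to cover the video from its first packet to its last. The Python sketch below is an added example, not code from Wireshark or from the original post: it is a simplified model of an HTTP object export over one reassembled server-to-client byte stream, with constructed sample data and hypothetical function and variable names. It handles only bodies framed by Content-Length.

```python
def parse_headers(block: bytes) -> dict:
    """Lower-cased header names mapped to values; the status line is skipped."""
    headers = {}
    for line in block.split(b"\r\n")[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return headers


def extract_objects(stream: bytes, type_prefix: str = "video/") -> list:
    """Return (content_type, body, complete) for each matching HTTP response
    in one reassembled server-to-client byte stream."""
    found, pos = [], 0
    # Without a status line at this offset there is no Content-Type to list.
    while stream.startswith(b"HTTP/1.", pos):
        end = stream.find(b"\r\n\r\n", pos)
        if end == -1:
            break  # header block itself is truncated
        headers = parse_headers(stream[pos:end])
        try:
            length = int(headers.get("content-length", ""))
        except ValueError:
            break  # chunked or unframed body: outside this sketch
        if length < 0:
            break  # malformed length
        body = stream[end + 4:end + 4 + length]
        ctype = headers.get("content-type", "")
        if ctype.startswith(type_prefix):
            # complete is False when the capture ended before the body did
            found.append((ctype, body, len(body) == length))
        pos = end + 4 + length
    return found


# Constructed sample data: an HTML page followed by an MP4 response.
MP4_BODY = b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 20
FULL_STREAM = (
    b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 5\r\n\r\nhello"
    b"HTTP/1.1 200 OK\r\nContent-Type: video/mp4\r\nContent-Length: "
    + str(len(MP4_BODY)).encode() + b"\r\n\r\n" + MP4_BODY
)
LATE_STREAM = MP4_BODY[8:]       # capture started after the response headers
CUT_STREAM = FULL_STREAM[:-10]   # capture stopped before the video finished

if __name__ == "__main__":
    for label, data in (("full", FULL_STREAM), ("late", LATE_STREAM), ("cut", CUT_STREAM)):
        print(label, [(t, len(b), ok) for t, b, ok in extract_objects(data)])
```

The late capture yields no object at all, and the capture that was stopped early yields a video whose body is shorter than its declared length.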

Test your video

To test your video, I recommend using VLC Media Player, since it can play nearly every video file type.

That's it. You have successfully captured, extracted and tested your video. Pretty simple and useful, right?

Sources:

http://ask.wireshark.org/questions/5325/how-to-extract-flv-video-from-capture-pakets

http://www.wireshark.org/

One thought on “Wireshark – Extract Video from Capture File”

  1. Phoebe says:

    This does not work with tested Silverlight source. The video is split into hundreds of audio and video fragments.
