Im semi-new to network traffic analysis so I appologize if I hack any terms.

I am trying to reassemble image packets downloaded from the Gnutella network. Can somebody please tell me what Im doing wrong?

On WinXP I start a capture with Wireshark(Version 0.99.0)and then download a unique image file using Phex. I do this to avoid any “swarming” issues. After the JPEG is completely downloaded, I stop the capture and then filter for the IP source of the host. I then view the captured packets and the checksum returns valid. This is where Im getting stuck. There should be an option somewhere to “export” or “reassemble”. There is an “export” option under “file” but that doesnt seem to work. I tried “follow the TCP stream” and then pasting packet data into a text editor and naming the file as a JPEG. Doesnt work either.

I did tick the boxes for “reassemble fragmented ip datagrams” and “allow dissector to reassemble TCP streams” prior to the capture. I found little info online for packet reassembly so any help is appreciated.

Ill try to include a screen capture

Thanks

Dave