For much smaller datasets, in the order of 100 MB, one would typically load the PCAP into Wireshark and perform ”Follow TCP Stream” on a few sessions to see what's going on. But loading gigabyte datasets into Wireshark doesn't scale very well, in fact Wireshark will typically run out...
Attached to the email is also a file called “cool_web_page.html” (see “filename” attribute in the screenshot above). This file is already reassembled and extracted to disk by NetworkMiner when it loaded the pcap file. The easiest way to locate the file is to open the “Files” tab...
The second andmost comfortable way to generate and read an SIP Sessionis tocreate a Network Dump in pcap(packet capture) format file by using utilities such asWireshark– tcpdump (which both use libpcap) – ngrep – and then read it using Wireshark. Routers / Firewalls from many companies...