I think this is a bug, and I tried to post it on Wiresharks' bugzilla, but I couldn't do it, not with Dillo, not with Firefox.
tshark (net-analyzer/wireshark-1.12.8-r1) saves tcp/ssl raw streams in ascii
file, content unrecoverable
Since Wireshark 2.0.0 is not available in Gentoo yet, and since:
I'm still using wireshark-1.12.8-r1
I explained this in (too much) detail in the thread starting from:
Wireshark-users] follow [tcp|ssl].stream with tshark
and also on:
How to extract content from tshark-saved streams?
Mayve shorter now:
Download dump_150927_1848_g0n.pcap from
It all boils down to this command:
tshark -r dump_150927_1848_g0n.pcap -T fields -e data -qz follow,tcp,raw,9 \
| egrep '[[:print:]]' > dump_150927_1848_g0n_s00009.bin
producing an ascii file from which, in the least, it takes a wizard to extract content from, in comparison with perfectly recoverable content from the file that I saved with the Wireshark, and called it:
You can find both files, as I obtained them in my Wireshark on my Gentoo, as well as the extracted content from, surely only, the Wireshark-saved stream at:
(the extractable content being what I extracted and posted there as:
Pls use attachment from othe bug report:
as it hasn't really changed.
I managed to file a bug on this in Wireshark:
tshark saves raw stream in ascii file, content unrecoverable
(In reply to miro.rovis from comment #0)
> I think this is a bug, and I tried to post it on Wiresharks' bugzilla, but I
> couldn't do it, not with Dillo, not with Firefox.
I don't see how Gentoo is responsible for wireshark's behaviour. If there is such a link, we should see upstream refer it back to us.
> Since Wireshark 2.0.0 is not available in Gentoo yet
Author: Jeroen Roovers <firstname.lastname@example.org>
Date: Sat Nov 21 05:52:48 2015 +0100
net-analyzer/wireshark: Version bump (bug #566180 by Pavel Půlpán).
>, and since:
That was also referred upstream.