Extracting messages in NetworkMiner

[algyptalian]

Ok so im pretty new to network miner. basically, i have a cap file, and i want to analyse the contents of this file. So far with wireshark, ive managed to download a whole lot of images/ css files for a site that someone has been on, but i know there is more inside, such as messages 2 people have been senduing to eachother. With the keyword search in NetworkMiner, i have been able to pull up short sections of some of the messages, but i have not been able to see the full messages. I also know attachments have been sent.

I have the Source host ip address and the Destination host ip address, and i also have the username of the person who has been sending the information out (as its one of the users of a computer)...

It shows the person has been on myspace.com and aussiemail.com.au, so this might be where they are sending the messages from, but they could be using something else, im not sure.

Is there any way, either by using networkminer, or any similar tool, that i can view all the messages that these 2 people have been sending to each other?

I would really appreciate it.

[dmorris]

I'd try wireshark.

Just open up the capture file, add a filter on only the IPs you are interested in (you will have to learn the syntax)

Then find the relevent tcp streams and click on "View TCP Stream"
You'll see a bunch of jibberish for the binary data, but usually you can see enough in the clear to see whats going on.