Extracting data using Wireshark

Wireshark can also extract data from a number of different TCP streams. This is particularly important for cybersecurity analysts working with HTTP and TFTP traffic, although Server Message Block (SMB) information can also sometimes be useful.

To extract data from a stream, the File | Export Objects | (HTTP... | TFTP... | SMB...) menu option allows users to select a file from the stream and reconstitute it from the packet data. The following screenshot shows the process of extracting a portable executable file (PortRptr.exe) from an HTTP stream:

Extracting data from a TCP stream

Notice that this feature allows any text, image, or application to be extracted from the entire PCAP file. Where there is a long stream with multiple files, the packet ID helps us to find the item, or the text filter box can be used to search for a given filename.
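To make "reconstitute it from the packet data" concrete, the following added example (not from the book, and not Wireshark's own code) is a simplified sketch of the steps involved: ordering TCP segments, dropping retransmissions, cutting the HTTP body at Content-Length, and hashing the result for triage. The segments and the file body are constructed sample data, and all function names are hypothetical.

```python
import hashlib

# Constructed sample: server-to-client TCP segments as (relative sequence number,
# payload), listed out of order and with one retransmission.
BODY = b"MZ" + bytes(range(256)) * 2          # constructed stand-in for a PE file
HEAD = (b"HTTP/1.1 200 OK\r\n"
        b"Content-Type: application/octet-stream\r\n"
        b"Content-Length: " + str(len(BODY)).encode() + b"\r\n\r\n")
RAW = HEAD + BODY
SEGMENTS = [(200, RAW[200:400]), (0, RAW[:200]), (200, RAW[200:400]), (400, RAW[400:])]


def reassemble(segments):
    """Order segments by sequence number and drop retransmitted bytes."""
    stream = bytearray()
    for seq, payload in sorted(segments):
        if seq > len(stream):
            raise ValueError(f"gap in stream at byte {len(stream)} (packets missing)")
        stream += payload[len(stream) - seq:]   # skip bytes already received
    return bytes(stream)


def extract_http_object(stream):
    """Split one HTTP response into headers and body, honouring Content-Length."""
    head, sep, rest = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete HTTP header")
    headers = {}
    for line in head.split(b"\r\n")[1:]:        # skip the status line
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers[b"content-length"])
    if len(rest) < length:
        raise ValueError("body truncated: capture ended before transfer completed")
    return headers, rest[:length]


def describe(body):
    """Return (starts_with_MZ, sha256_hex) for triage of the extracted object."""
    return body[:2] == b"MZ", hashlib.sha256(body).hexdigest()


if __name__ == "__main__":
    headers, body = extract_http_object(reassemble(SEGMENTS))
    is_pe, digest = describe(body)
    print(f"{len(body)} bytes, MZ header: {is_pe}, sha256: {digest}")
```

A gap or a short body raises an error instead of returning a partial file, because an object carved from an incomplete capture will not match the hash of the original.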
