Penetration Testing mailing list archives
Re: Snarf files from a sniff dump
From: "Nagareshwar Talekar" <tnagareshwar () gmail com>
Date: Mon, 27 Feb 2006 12:32:25 +0530
Hi Try filesnarf from the dsniff package...that copies files transfered over the network to the disk... On 2/27/06, Jim Morgan <peripatetic () myrealbox com> wrote:
At 25/02/2006 21:00, you wrote:I am looking for a tool to snarf files (e.g. Word documents etc.) from a sniff dump (e.g. ethereal or tcpdump) in an M$ Windows LAN (SMB) or between a client and a printer (PS, PCL etc.). Does someone know such tools (I know Dsniff, but it is not exactly what I am looking for)?http://tcpxtract.sourceforge.net/ tcpxtract is a tool for extracting files from network traffic based on file signatures. Extracting files based on file type headers and footers (sometimes called "carving") is an age old data recovery technique. Tools like Foremost employ this technique to recover files from arbitrary data streams. Tcpxtract uses this technique specifically for the application of intercepting files transmitted across a network. Other tools that fill a similar need are driftnet and EtherPEG. driftnet and EtherPEG are tools for monitoring and extracting graphic files on a network and is commonly used by network administrators to police the internet activity of their users. The major limitations of driftnet and EtherPEG is that they only support three filetypes with no easy way of adding more. The search technique they use is also not scalable and does not search across packet boundries. tcpxtract features the following: Supports 26 popular file formats out-of-the-box. New formats can be added by simply editing its config file. With a quick conversion, you can use your old Foremost config file with tcpxtract. Custom written search algorithm is lightning fast and very scalable. Search algorithm searches across packet boundries for total coverage and forensic quality. Uses libpcap, a popular, portable and stable library for network data capture. Can be used against a live network or a tcpdump formatted capture file. ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
-- With Regards Nagareshwar ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Snarf files from a sniff dump 4secure (Feb 24)
- Re: Snarf files from a sniff dump Renaud Deraison (Feb 26)
- Re: Snarf files from a sniff dump Nico Golde (Feb 26)
- <Possible follow-ups>
- RE: Snarf files from a sniff dump Shenk, Jerry A (Feb 25)
- RE: Snarf files from a sniff dump nodialtone (Feb 26)
- Re: Snarf files from a sniff dump Neil (Feb 26)
- Re: Snarf files from a sniff dump freed0m [hacktimes.com] (Feb 26)
- Message not available
- RE: Snarf files from a sniff dump Jim Morgan (Feb 26)
- Re: Snarf files from a sniff dump Nagareshwar Talekar (Feb 27)
- RE: Snarf files from a sniff dump 4secure (Feb 26)
- RE: Snarf files from a sniff dump Craig Wright (Feb 27)