Wireshark mailing list archives
Reassembling TCP for a netcat session
From: Atomikramp <atomikramp () email it>
Date: Wed, 9 Jun 2010 16:33:36 +0200
Hello everyone, i have a question for you :), do you know if there is a way, using wireshark, to reassemble PDUs from a netcat session? becouse i have lots of packets containing a "data" payload that are all part of the same stream, and i would like to extract and reassemble that payload for further analysis. it's an exe file transfered using netcat (actually a reverse connection from metasploit framework stager), and i'm looking for advices on how to dump that file from the pcap. Thanks in advice. -- Caselle da 1GB, trasmetti allegati fino a 3GB e in piu' IMAP, POP3 e SMTP autenticato? GRATIS solo con Email.it: http://www.email.it/f Sponsor: Cerchi un jeans alla moda a meno di 20 Euro? Visita Piazzaitalia.it e scopri tutta la collezione primavera-estate 2010 Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=10489&d=20100609
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Reassembling TCP for a netcat session Atomikramp (Jun 09)