Honeypots mailing list archives
Re: Removing HTTP headers from tcpdump logs
From: Jarkko Turkulainen <jt () klake org>
Date: Wed, 7 May 2003 19:20:58 +0300 (EEST)
My question to the list: What tools/methods are used to manually remove the HTTP headers that prevent the (easy/quick) recovery of files over HTTP?
Text editor! I use the vi editor to edit the TCP session file. Just "dd" the headers and the emtpy line after them, and the file is ready for recovery. tar might give a warning because of the extra carrier return character in the end of the file, but it really works! Best regards, -- Jarkko Turkulainen <jt () klake org>
Current thread:
- Removing HTTP headers from tcpdump logs Chris Mawer (May 07)
- Re: Removing HTTP headers from tcpdump logs Jarkko Turkulainen (May 07)
- Re: Removing HTTP headers from tcpdump logs George W. Capehart (May 07)
- Re: Removing HTTP headers from tcpdump logs shawnmer (May 07)
- Re: Removing HTTP headers from tcpdump logs Bill McCarty (May 09)
- Re: Removing HTTP headers from tcpdump logs Jarkko Turkulainen (May 07)