Honeypots mailing list archives
Re: Removing HTTP headers from tcpdump logs
From: "George W. Capehart" <gwc () capehassoc com>
Date: Wed, 7 May 2003 17:23:39 -0400
On Wednesday 07 May 2003 12:20 pm, Jarkko Turkulainen wrote:
>> My question to the list: What tools/methods are used to manually remove the HTTP headers that prevent the (easy/quick) recovery of files over HTTP?
>
> Text editor! I use the vi editor to edit the TCP session file. Just "dd" the headers and the empty line after them, and the file is ready for recovery. tar might give a warning because of the extra carrier return character in the end of the file, but it really works!

If it's a big file, or if you have several, awk or Perl might be more efficient . . .

/g

--
George W. Capehart

"With sufficient thrust, pigs fly just fine . . ." -- RFC 1925
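
The scripted approach suggested in this message, as an added example that is not part of the original thread. It uses Python rather than awk or Perl for binary-safe handling. It assumes the input is the server-to-client half of one reassembled TCP session holding a single HTTP response; the function names and the sample bytes are constructed for illustration.

```python
def split_response(stream: bytes):
    """Return (status_line, headers dict, raw body) for one HTTP response."""
    # Split only at the FIRST blank line; the body may contain CRLFCRLF itself.
    head, sep, body = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line found: header block is incomplete")
    lines = head.split(b"\r\n")
    if not lines[0].startswith(b"HTTP/"):
        raise ValueError("stream does not start with an HTTP status line")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body

def dechunk(body: bytes) -> bytes:
    """Undo Transfer-Encoding: chunked (hex size line, data, CRLF, ..., 0)."""
    out, pos = bytearray(), 0
    while True:
        eol = body.index(b"\r\n", pos)
        size = int(body[pos:eol].split(b";")[0], 16)  # ignore chunk extensions
        if size == 0:
            return bytes(out)
        start = eol + 2
        out += body[start:start + size]
        pos = start + size + 2  # skip the CRLF that ends each chunk

def extract_body(stream: bytes) -> bytes:
    """Strip the headers and return exactly the transferred file bytes."""
    _, headers, body = split_response(stream)
    if b"chunked" in headers.get(b"transfer-encoding", b"").lower():
        return dechunk(body)
    if b"content-length" in headers:
        # Trim anything past the declared length (e.g. a stray trailing CR/LF).
        return body[:int(headers[b"content-length"])]
    return body

# Constructed sample: binary body containing CRLFCRLF, plus a trailing CRLF.
SAMPLE = (b"HTTP/1.1 200 OK\r\nServer: example\r\nContent-Length: 10\r\n"
          b"Content-Type: application/x-tar\r\n\r\n\x1f\x8b\x08\x00\r\n\r\nAB\r\n")

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:  # usage: script.py session.raw recovered.bin
        with open(sys.argv[1], "rb") as src, open(sys.argv[2], "wb") as dst:
            dst.write(extract_body(src.read()))
    else:
        print(extract_body(SAMPLE))
```

A body sent with a Content-Encoding such as gzip still needs decompressing after this step.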