Penetration Testing mailing list archives
Re: project
From: Martin Mačok <martin.macok () underground cz>
Date: Wed, 4 Jun 2003 13:34:29 +0200
On Tue, Apr 29, 2003 at 09:00:46AM -0700, ashwini ajjappa wrote:
> Anyone know where to obtain information on re-assembling TCP/UDP data streams?
Search for "tcpflow" (http://www.circlemud.org/) or "ethereal" (function Follow TCP Stream).
> I mean I have captured data using Tcpdump (i.e. raw data), how do I recombine the data into the original word attachment (or like)?
Sometimes simple perl/shell/awk scripts do the job when the application protocol is simple, or you can search for Pandora (http://savannah.nongnu.org/projects/pandora/) or ContExt (Content Extractor - non-free commercial product, http://www.inetd.com).
> Cannot seem to find any information anywhere on the technical details involved in this.
Have you searched through the forensics@ mailing list archive? Your task is more from the forensics area than from pen-tests ...

--
Martin Mačok http://underground.cz/
martin.macok () underground cz http://Xtrmntr.org/ORBman/
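The reassembly step asked about in this thread, as an added example that is not part of the original post: a minimal Python reader for a classic tcpdump capture file that orders each TCP flow's payload by sequence number, tolerating out-of-order, retransmitted and overlapping segments. It assumes Ethernet/IPv4 with no IP fragmentation; `build_pcap` and its addresses and ports are constructed sample input.

```python
import struct
from collections import defaultdict

def read_pcap(data):
    """Yield link-layer frames from a classic libpcap file (Ethernet assumed)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}[data[:4]]  # KeyError: not pcap
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(data):
        incl_len = struct.unpack_from(endian + "I", data, off + 8)[0]
        yield data[off + 16: off + 16 + incl_len]
        off += 16 + incl_len

def tcp_segment(frame):
    """Return (flow, seq, flags, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    t = 14 + (frame[14] & 0x0F) * 4            # TCP header starts after the IP header
    ip_end = 14 + struct.unpack_from("!H", frame, 16)[0]   # drops Ethernet padding
    sport, dport, seq = struct.unpack_from("!HHI", frame, t)
    doff = (frame[t + 12] >> 4) * 4
    return (frame[26:30], sport, frame[30:34], dport), seq, frame[t + 13], frame[t + doff:ip_end]

def reassemble(pcap_bytes):
    """Map each one-directional flow to its payload bytes in sequence order."""
    segs, first = defaultdict(dict), {}
    for flow, seq, flags, payload in filter(None, map(tcp_segment, read_pcap(pcap_bytes))):
        if flags & 0x02:                       # SYN consumes one sequence number
            first[flow] = (seq + 1) & 0xFFFFFFFF
        if payload:
            segs[flow].setdefault(seq, payload)    # keep first copy of a retransmit
    streams = {}
    for flow, parts in segs.items():
        base = first.get(flow, min(parts))     # no SYN captured: lowest seq seen
        out = bytearray()
        for rel, data in sorted(((s - base) & 0xFFFFFFFF, d) for s, d in parts.items()):
            if rel > len(out):
                break                          # gap in the capture: stop, do not misalign
            out += data[len(out) - rel:]       # skip bytes an overlap already supplied
        streams[flow] = bytes(out)
    return streams

def build_pcap(segments):  # constructed capture: 10.0.0.1:1234 -> 10.0.0.2:80
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for seq, flags, payload in segments:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                         b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")
        tcp = struct.pack("!HHIIBBHHH", 1234, 80, seq, 0, 0x50, flags, 8192, 0, 0)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out
```

On a real capture, pass the file's bytes to `reassemble` and write the stream of interest to disk; the application-layer encoding (for a mail attachment, typically MIME/base64) still has to be decoded from that stream.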