Penetration Testing mailing list archives

Re: project


From: Martin Mačok <martin.macok () underground cz>
Date: Wed, 4 Jun 2003 13:34:29 +0200

On Tue, Apr 29, 2003 at 09:00:46AM -0700, ashwini ajjappa wrote:

> Anyone know where to obtain information on re-assembling TCP/UDP
> data streams.

Search for "tcpflow" (http://www.circlemud.org/) or "ethereal"
(function Follow TCP Stream).

> I mean I have captured data using Tcpdump (i.e. raw data), how do
> I recombine the data into the original word attachment (or like)?

Sometimes simple perl/shell/awk scripts do the job when the
application protocol is simple or you can search for Pandora
(http://savannah.nongnu.org/projects/pandora/) or ContExt (Content
Extractor - non-free commercial product, http://www.inetd.com)

> Cannot seem to find any information anywhere on the technical
> involved in this.

Have you searched through forensics@ mailing list archive? Your task
is more from forensics area than from pen-tests ...

-- 
         Martin Mačok                 http://underground.cz/
   martin.macok () underground cz        http://Xtrmntr.org/ORBman/
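
The reassembly step that the tools named in the reply perform, as an added example that is not part of the original message: a minimal Python sketch that orders the TCP payloads in a capture by sequence number, drops retransmissions and trims overlaps. It assumes a little-endian classic pcap file with Ethernet framing, unfragmented IPv4 and full-length packets; the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import defaultdict

def reassemble(pcap: bytes) -> dict:
    """Map (src, sport, dst, dport) -> contiguous bytes sent in that direction."""
    if struct.unpack("<I", pcap[:4])[0] != 0xA1B2C3D4:
        raise ValueError("expected little-endian classic pcap")
    if struct.unpack("<I", pcap[20:24])[0] != 1:
        raise ValueError("expected Ethernet link type")
    segs, base, off = defaultdict(dict), {}, 24
    while off + 16 <= len(pcap):
        incl = struct.unpack("<I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                      # not IPv4 carrying TCP
        ip = frame[14:]
        # Slice by IP header length and total length (drops Ethernet padding)
        tcp = ip[(ip[0] & 0x0F) * 4:struct.unpack("!H", ip[2:4])[0]]
        if len(tcp) < 20:
            continue
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        data = tcp[(tcp[12] >> 4) * 4:]   # skip TCP header and options
        src, dst = (".".join(map(str, ip[i:i + 4])) for i in (12, 16))
        flow = (src, sport, dst, dport)
        # Signed 32-bit offset from the first segment seen: survives seq wraparound
        rel = ((seq - base.setdefault(flow, seq) + 2**31) & 0xFFFFFFFF) - 2**31
        if len(data) > len(segs[flow].get(rel, b"")):
            segs[flow][rel] = data        # retransmission: keep the longest copy
    streams = {}
    for flow, parts in segs.items():
        if not parts:
            continue                      # direction carried no payload
        out, pos = b"", min(parts)
        for rel in sorted(parts):
            if rel > pos:
                break                     # missing segment: stop at the hole
            chunk = parts[rel][pos - rel:]  # trim bytes already emitted
            out += chunk
            pos += len(chunk)
        streams[flow] = out
    return streams

# Constructed sample: one request split in three, out of order, one retransmit
def frame(seq, payload):
    tcp = struct.pack("!HHIIBBHHH", 1025, 80, seq, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + tcp
    eth = b"\0" * 12 + b"\x08\x00" + ip
    return struct.pack("<IIII", 0, 0, len(eth), len(eth)) + eth
PCAP_HDR = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
MSG = b"GET /a.doc HTTP/1.0\r\n\r\n"
SAMPLE = PCAP_HDR + frame(2, MSG[8:16]) + frame(0xFFFFFFFA, MSG[:8]) * 2 + frame(10, MSG[16:])
```

Once a direction's bytes are back in order, recovering an attachment is a matter of parsing the application protocol on top (HTTP, SMTP/MIME and so on), which is the part the reply says simple scripts can handle when the protocol is simple.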
