Penetration Testing mailing list archives

RE: Snarf files from a sniff dump

From: Jim Morgan <peripatetic () myrealbox com>
Date: Mon, 27 Feb 2006 10:06:13 +0800

At 25/02/2006 21:00, you wrote:

I am looking for a tool to snarf files (e.g. Word documents etc.) from a
sniff dump (e.g. ethereal or tcpdump) in an M$ Windows LAN (SMB) or
between a client and a printer (PS, PCL etc.). Does someone know such
tools (I know Dsniff, but it is not exactly what I am looking for)?


http://tcpxtract.sourceforge.net/

tcpxtract is a tool for extracting files from network traffic basedon file signatures. Extracting files based on file type headers andfooters (sometimes called "carving") is an age old data recoverytechnique. Tools like Foremost employ this technique to recover filesfrom arbitrary data streams. Tcpxtract uses this techniquespecifically for the application of intercepting files transmittedacross a network. Other tools that fill a similar need are driftnetand EtherPEG. driftnet and EtherPEG are tools for monitoring andextracting graphic files on a network and is commonly used by networkadministrators to police the internet activity of their users. Themajor limitations of driftnet and EtherPEG is that they only supportthree filetypes with no easy way of adding more. The search techniquethey use is also not scalable and does not search across packetboundries. tcpxtract features the following:Supports 26 popular file formats out-of-the-box. New formats can beadded by simply editing its config file.With a quick conversion, you can use your old Foremost config filewith tcpxtract.

Custom written search algorithm is lightning fast and very scalable.

Search algorithm searches across packet boundries for total coverageand forensic quality.

Uses libpcap, a popular, portable and stable library for network data capture.
Can be used against a live network or a tcpdump formatted capture file.


------------------------------------------------------------------------------

Audit your website security with Acunetix Web Vulnerability Scanner:Hackers are concentrating their efforts on attacking applications on yourwebsite. Up to 75% of cyber attacks are launched on shopping carts, forms,login pages, dynamic content etc. Firewalls, SSL and locked-down servers arefutile against web application hacking. Check your website for vulnerabilitiesto SQL injection, Cross site scripting and other web attacks before hackers do!Download Trial at:


http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Current thread:

Snarf files from a sniff dump 4secure (Feb 24)
- Re: Snarf files from a sniff dump Renaud Deraison (Feb 26)
- Re: Snarf files from a sniff dump Nico Golde (Feb 26)
- <Possible follow-ups>
- RE: Snarf files from a sniff dump Shenk, Jerry A (Feb 25)
  - RE: Snarf files from a sniff dump nodialtone (Feb 26)
  - Re: Snarf files from a sniff dump Neil (Feb 26)
  - Re: Snarf files from a sniff dump freed0m [hacktimes.com] (Feb 26)
  - Message not available
    - RE: Snarf files from a sniff dump Jim Morgan (Feb 26)
    - Re: Snarf files from a sniff dump Nagareshwar Talekar (Feb 27)
- RE: Snarf files from a sniff dump 4secure (Feb 26)
- RE: Snarf files from a sniff dump Craig Wright (Feb 27)