tcpdump mailing list archives
RE: TCP/UDP Data Streams - Packet Reassembly
From: "Joe Elliott" <joe () inetd com>
Date: Wed, 18 Dec 2002 12:41:39 -0800
Hello,
Our commercial product ContExt (Content Extractor) will create images/docs
from a raw packet stream 7x24 in real-time and handle frags, out of sequence
packets etc. It creates web reports of the content and allows searches and
tracking of addresses. Its a hardware/software solution packaged as a
device. It handles GIG ethernet and 20,000+ concurrent connections.
It supports JPEG/GIF/PNG/Word/Excel/MP3/PDF/PS/POP3/MBOX/PPT/ZIP etc etc
formats that you can view from a web page.
See http://www.inetd.com for details. It supports PCAP recordings as well as
live traffic.
Its not free, so maybe thats no use to you.
Joe.
-----Original Message-----
From: owner-tcpdump-workers () sandelman ottawa on ca
[mailto:owner-tcpdump-workers () sandelman ottawa on ca]On Behalf Of Guy
Harris
Sent: Wednesday, December 18, 2002 11:59 AM
To: Susan Chan Lee
Cc: pen-test () securityfocus com; forensics () securityfocus com;
tcpdump-workers () tcpdump org
Subject: Re: [tcpdump-workers] TCP/UDP Data Streams - Packet Reassembly
On Thu, Dec 19, 2002 at 12:08:27AM +0800, Susan Chan Lee wrote:
Anyone know where to obtain information of re-assembling TCP/UDP data streams. I mean I have captured data using Tcpdump (i.e. raw data), how to I recombine the data into the orginal word attachment (or like)?
There's more to it than just "re-assembling TCP/UDP data streams"; as you said "word attachment", it sounds as if you're talking about e-mail, in which case, for example, reassembling a TCP data stream for an SMTP session would give you the SMTP traffic - but you'd have to extract the stuff sent with the "DATA" command, and then de-MIMEify it to extract the attachments. Similarly, for a document downloaded with HTTP, reassembly would give you only the HTTP traffic; you'd have to extract the document from that. - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Current thread:
- TCP/UDP Data Streams - Packet Reassembly Susan Chan Lee (Dec 18)
- Re: TCP/UDP Data Streams - Packet Reassembly Guy Harris (Dec 18)
- RE: TCP/UDP Data Streams - Packet Reassembly Joe Elliott (Dec 18)
- RE: TCP/UDP Data Streams - Packet Reassembly Simon Patarin (Dec 18)
- RE: TCP/UDP Data Streams - Packet Reassembly Joe Elliott (Dec 18)
- Re: TCP/UDP Data Streams - Packet Reassembly Richard Sharpe (Dec 18)
- Re: TCP/UDP Data Streams - Packet Reassembly samuel (Dec 20)
- Re: Re: TCP/UDP Data Streams - Packet Reassembly Guy Harris (Dec 20)
- packet direction capture Iain McAleer (Dec 21)
- Re: Re: TCP/UDP Data Streams - Packet Reassembly Guy Harris (Dec 20)
- <Possible follow-ups>
- Re: TCP/UDP Data Streams - Packet Reassembly Guy Harris (Dec 20)
- Re: TCP/UDP Data Streams - Packet Reassembly Richard Sharpe (Dec 27)
- Re: TCP/UDP Data Streams - Packet Reassembly Guy Harris (Dec 18)