Re: project

From: Martin Mačok (martin.macokunderground.cz)
Date: Wed Jun 04 2003 - 06:34:29 CDT


On Tue, Apr 29, 2003 at 09:00:46AM -0700, ashwini ajjappa wrote:

> Anyone know where to obtain information of re-assembling TCP/UDP
> data streams.

Search for "tcpflow" (http://www.circlemud.org/) or "ethereal"
(function Follow TCP Stream).

> I mean I have captured data using Tcpdump (i.e. raw data), how do
> I recombine the data into the original Word attachment (or the like)?

Sometimes simple perl/shell/awk scripts do the job when the
application protocol is simple, or you can search for Pandora
(http://savannah.nongnu.org/projects/pandora/) or ContExt (Content
Extractor - non-free commercial product, http://www.inetd.com).

> Cannot seem to find any information anywhere on the technical
> involved in this.

Have you searched through the forensics mailing list archive? Your task
is more in the forensics area than in pen-tests ...

--
         Martin Mačok http://underground.cz/
   martin.macokunderground.cz http://Xtrmntr.org/ORBman/
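The sequence-number reassembly that tcpflow and Ethereal's "Follow TCP Stream" perform, as an added Python example (not code from the thread or from either tool): it orders one direction of a connection by TCP sequence number, drops retransmitted or overlapping bytes, and pads and reports any hole left by a lost segment. The raw IPv4/TCP packets and the SMTP exchange are constructed inside the block; the pcap file header and link-layer framing that a real tcpdump capture adds are assumed to have been stripped already.

```python
import socket
import struct

def parse_ipv4_tcp(packet):
    """Return ((src, sport, dst, dport), seq, payload) from a raw IPv4+TCP packet."""
    ihl = (packet[0] & 0x0F) * 4                      # IPv4 header length in bytes
    tcp = packet[ihl:struct.unpack("!H", packet[2:4])[0]]   # cut at IP total length
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    data_off = (tcp[12] >> 4) * 4                     # TCP header length in bytes
    return (packet[12:16], sport, packet[16:20], dport), seq, tcp[data_off:]

def reassemble(packets):
    """Rebuild each unidirectional stream -> {flow_key: (stream_bytes, gaps)}: order by
    sequence number, skip bytes already seen (retransmits, overlaps), pad holes with b"?"."""
    flows = {}
    for pkt in packets:
        key, seq, payload = parse_ipv4_tcp(pkt)
        if payload:                                   # pure ACKs carry no data
            flows.setdefault(key, []).append((seq, payload))
    result = {}
    for key, segs in flows.items():
        segs.sort(key=lambda s: s[0])
        base, buf, gaps = segs[0][0], bytearray(), []
        for seq, payload in segs:
            off = seq - base
            if off > len(buf):                        # hole before this segment
                gaps.append((len(buf), off))
                buf.extend(b"?" * (off - len(buf)))
            buf.extend(payload[len(buf) - off:])      # drop bytes already in buf
        result[key] = (bytes(buf), gaps)
    return result

def build_packet(src, sport, dst, dport, seq, payload):
    """Construct a raw IPv4+TCP packet for the demo (checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, 6, 0, src, dst)
    return ip + tcp + payload

A, B = socket.inet_aton("10.0.0.1"), socket.inet_aton("10.0.0.2")
CAPTURE = [  # constructed client->server SMTP segments: out of order, one retransmit, one hole
    build_packet(A, 40000, B, 25, 1000, b"MAIL FROM:<a@ex"),
    build_packet(A, 40000, B, 25, 1025, b"\r\nRCPT TO:<b@example.org>\r\n"),
    build_packet(A, 40000, B, 25, 1015, b"ample.org>"),
    build_packet(A, 40000, B, 25, 1015, b"ample.org>"),   # retransmission
    build_packet(A, 40000, B, 25, 1060, b"QUIT\r\n"),      # bytes 1052-1059 were lost
]

def demo():
    return reassemble(CAPTURE)[(A, 40000, B, 25)]  # (stream_bytes, gaps) for the one flow
```

For a real capture, feed the IP packets from a pcap reader into reassemble() and group the two directions of a connection by their swapped 4-tuples; the gap list tells you which byte ranges of a recovered file cannot be trusted.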
