Re: Reconstruct meaningful data from tcpdumps?
On Fri, Jul 09, 2010 at 11:17:55PM -0600, Modulok wrote:

Hi,

> Is there a way to reconstruct network traffic from a tcpdump file? Or
> something similar? As in: analyze the dump file and attempt to
> re-construct files transferred through http, ftp, known messenger
> protocols, instant message conversations, http requests, web pages,
> and so forth?
>
> There's a bunch of tools on Windows that say they do this to some
> extent or another, but they require a client-side installation, cost a
> lot of money, or are crawling with malicious code. I can read tcpdump
> files, (to an extent) but viewing a hex dump of a jpeg is futile.

Try http://chaosreader.sourceforge.net/
Most probably there is a port of it.

Regards
Thomas
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Reconstruct meaningful data from tcpdumps?
On Fri, Jul 09, 2010, Modulok wrote:

>Is there a way to reconstruct network traffic from a tcpdump file? Or
>something similar? As in: analyze the dump file and attempt to
>re-construct files transferred through http, ftp, known messenger
>protocols, instant message conversations, http requests, web pages,
>and so forth?

I like the tcpflow program for things like this. Its command syntax is
very similar to tcpdump, but I find it much more useful as it creates a
file for each side of a tcp conversation containing the traffic.

This can be very handy when debugging things like IMAP connections. I have
also used it to capture web pages that I couldn't save in a browser to see
what was actually being sent.

Bill
--
INTERNET: b...@celestial.com      Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/    PO Box 820; 6641 E. Mercer Way
Voice: (206) 236-1676             Mercer Island, WA 98040-0820
Fax:(206) 232-9186                Skype: jwccsllc (206) 855-5792

Guns are no more responsible for killing people than the spoon is
responsible for making Rosie O'Donnell fat.
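The per-direction files mentioned in the reply above are the result of TCP stream reassembly. The following is an added illustration of that step, not tcpflow's code and not part of the original thread; the function names are hypothetical, and it assumes a classic pcap file (not pcapng) with untagged Ethernet II frames carrying unfragmented IPv4.

```python
import socket
import struct
from collections import defaultdict

def read_pcap(data):
    """Yield raw frames from a classic (not pcapng) capture file."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None:
        raise ValueError("not a classic pcap file")
    off = 24                                        # global header is 24 bytes
    while off + 16 <= len(data):
        incl = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        yield data[off + 16:off + 16 + incl]
        off += 16 + incl

def tcp_segment(frame):
    """Return (flow, seq, flags, payload) for Ethernet/IPv4/TCP, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    ip = frame[14:14 + struct.unpack("!H", frame[16:18])[0]]  # drop Ethernet padding
    tcp = ip[ihl:]
    if ihl < 20 or len(tcp) < 20:
        return None
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    flow = (socket.inet_ntoa(ip[12:16]), sport, socket.inet_ntoa(ip[16:20]), dport)
    return flow, seq, tcp[13], tcp[(tcp[12] >> 4) * 4:]

def reassemble(pcap_bytes):
    """Map each flow direction to (payload in sequence order, bytes missing)."""
    segs, isn, streams = defaultdict(dict), {}, {}
    for flow, seq, flags, payload in filter(None, map(tcp_segment, read_pcap(pcap_bytes))):
        if flags & 0x02:                            # SYN consumes one sequence number
            isn[flow] = (seq + 1) & 0xFFFFFFFF
        if payload:
            segs[flow].setdefault(seq, payload)     # first copy of a retransmission wins
    for flow, parts in segs.items():
        base, data, nxt, gap = isn.get(flow, min(parts)), bytearray(), 0, 0
        for rel, payload in sorted(((s - base) & 0xFFFFFFFF, p) for s, p in parts.items()):
            gap += max(0, rel - nxt)                # lost or uncaptured segment
            data += payload[max(0, nxt - rel):]     # trim overlap with earlier data
            nxt = max(nxt, rel + len(payload))
        streams[flow] = (bytes(data), gap)
    return streams

if __name__ == "__main__":
    import sys                                      # usage: script.py capture.pcap
    for flow, (data, gap) in reassemble(open(sys.argv[1], "rb").read()).items():
        print(flow, len(data), "bytes,", gap, "missing")
```

A non-zero missing count means the capture lost segments, so any file carved from that stream is incomplete at the point of the gap.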
Reconstruct meaningful data from tcpdumps?
Is there a way to reconstruct network traffic from a tcpdump file? Or
something similar? As in: analyze the dump file and attempt to
re-construct files transferred through http, ftp, known messenger
protocols, instant message conversations, http requests, web pages,
and so forth?

There's a bunch of tools on Windows that say they do this to some
extent or another, but they require a client-side installation, cost a
lot of money, or are crawling with malicious code. I can read tcpdump
files, (to an extent) but viewing a hex dump of a jpeg is futile.

If that makes any sense.
Thanks guys!