G'Day, Chaosreader has been mentioned here before, it's a freeware tool to process TCP/UDP/ICMP/Application data from snoop/tcpdump logs.
It can now process X11 and VNC, including playback (experimental). The mains features are now, Reads snoop and tcpdump logs Processes TCP, UDP, ICMP, IPv4 and IPv6 HTTP transfers (HTML, JPG, GIF, zip, ...) HTTP GET/POST content reports HTTP traffic log reports SMTP emails FTP files (active transfers) IRC sessions telnet sessions (also generates realtime playback scripts) X11 sessions (experimental X11 playback feature) VNC sessions (experimental VNC playback feature) Hex dumps ... So far it's helped to convince people to use encryption - ssh or IPSec. Quick Usage: snoop -o /tmp/out1 chaosreader /tmp/out1 netscape index.html Main Website: http://www.brendangregg.com/chaosreader.html Or just web search for "chaosreader". More features (and bug fixes) will be added in future versions. Enjoy! Brendan Gregg [Sydney, Australia] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html