On Tue, Apr 29, 2003 at 09:00:46AM -0700, ashwini ajjappa wrote:

> Anyone know where to obtain information of re-assembling TCP/UDP
> data streams.

Search for "tcpflow" (http://www.circlemud.org/) or "ethereal"
(function Follow TCP Stream).

> I mean I have captured data using Tcpdump (i.e. raw data), how do
> I recombine the data into the original word attachment (or like)?

Sometimes simple perl/shell/awk scripts do the job when the
application protocol is simple, or you can search for Pandora
(http://savannah.nongnu.org/projects/pandora/) or ContExt (Content
Extractor - non-free commercial product, http://www.inetd.com).

> Cannot seem to find any information anywhere on the technical
> involved in this.

Have you searched through the forensics@ mailing list archive? Your
task is more from the forensics area than from pen-tests ...

-- 
Martin Mačok
http://underground.cz/
[EMAIL PROTECTED]
http://Xtrmntr.org/ORBman/
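What reassembling a TCP stream from captured packets involves, as an added example that is not part of the original message and is not code from any tool named in it: segments are grouped per direction, ordered by sequence number relative to the SYN, and retransmitted or overlapping bytes are dropped. It assumes raw IPv4 packets with the link-layer header already stripped and no IP fragmentation; `parse_ipv4_tcp`, `reassemble`, `make_packet` and `SAMPLE` are names chosen here, and the sample packets are constructed.

```python
import struct

def parse_ipv4_tcp(pkt):
    """Return (flow, seq, is_syn, payload) for a raw IPv4/TCP packet, else None."""
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
    if ihl < 20 or len(pkt) < ihl + 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    total_len = struct.unpack("!H", pkt[2:4])[0]      # trims link-layer padding
    sport, dport, seq = struct.unpack("!HHI", pkt[ihl:ihl + 8])
    data_off = (pkt[ihl + 12] >> 4) * 4               # TCP header length incl. options
    flow = (pkt[12:16], sport, pkt[16:20], dport)     # one direction of a connection
    return flow, seq, bool(pkt[ihl + 13] & 0x02), pkt[ihl + data_off:total_len]

def reassemble(packets):
    """Rebuild the byte stream of each flow direction from packets in any order."""
    flows = {}
    for flow, seq, is_syn, payload in filter(None, map(parse_ipv4_tcp, packets)):
        state = flows.setdefault(flow, {"isn": None, "segs": []})
        if is_syn:
            state["isn"] = seq                        # SYN consumes one sequence number
        elif payload:
            state["segs"].append((seq, payload))
    streams = {}
    for flow, state in flows.items():
        isn, segs = state["isn"], state["segs"]
        if not segs:
            continue
        # Assumption: with no SYN captured, the lowest sequence number starts the
        # stream (wrong if the sequence space wraps inside the capture).
        base = isn + 1 if isn is not None else min(s for s, _ in segs)
        out = bytearray()
        ordered = sorted((((s - base) % 2**32, d) for s, d in segs), key=lambda t: t[0])
        for off, data in ordered:
            if off > len(out):
                break                                 # hole: a segment was not captured
            out += data[len(out) - off:]              # skip retransmitted/overlapping bytes
        streams[flow] = bytes(out)
    return streams

def make_packet(seq, flags, payload):
    """Constructed sample packet, 192.0.2.1:80 -> 192.0.2.2:4000, checksums left zero."""
    tcp = struct.pack("!HHIIBBHHH", 80, 4000, seq, 0, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + tcp

# Constructed capture: SYN, then data out of order, one retransmission, one overlap,
# with sequence numbers wrapping past 2**32.
SAMPLE = [make_packet(0xFFFFFFFA, 0x02, b""), make_packet(14, 0x18, b"hello"),
          make_packet(0xFFFFFFFB, 0x18, b"HTTP/1.0 "), make_packet(4, 0x18, b"200 OK\r\n\r\n"),
          make_packet(0xFFFFFFFB, 0x18, b"HTTP/1.0 "), make_packet(10, 0x18, b"\r\n\r\nhe")]
```

The application payload (the "word attachment" in the question) still has to be carved out of the returned bytes according to the application protocol in use.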
