On Thu, Dec 19, 2002 at 12:08:27AM +0800, Susan Chan Lee wrote: > Anyone know where to obtain information of re-assembling TCP/UDP data > streams. > > I mean I have captured data using Tcpdump (i.e. raw data), how to I > recombine the data into the orginal word attachment (or like)?
There's more to it than just "re-assembling TCP/UDP data streams"; as you said "word attachment", it sounds as if you're talking about e-mail, in which case, for example, reassembling a TCP data stream for an SMTP session would give you the SMTP traffic - but you'd have to extract the stuff sent with the "DATA" command, and then de-MIMEify it to extract the attachments. Similarly, for a document downloaded with HTTP, reassembly would give you only the HTTP traffic; you'd have to extract the document from that. - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
