Susan Chan Lee wrote: >Anyone know where to obtain information of re-assembling TCP/UDP data >streams. > >I mean I have captured data using Tcpdump (i.e. raw data), how to I >recombine the data into the orginal word attachment (or like)? Cannot >seem to find any information anywhere on the technical involved in this. > > > As others have already mentioned, ethereal is a terrific open source protocol analyzer with some abilities to do TCP session "playback" but out of the box it will not break. For commercial products, and I am in no way affiliated with any of these, I have heard of NetDetector, NetIntercept, and NetWitness all playing in this arena. -Bryan Strong bstrongat_private ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Dec 19 2002 - 19:18:35 PST