Re: [tcpdump-workers] TCP/UDP Data Streams - Packet Reassembly

• Previous message: Kolde, Jennifer E.: "RE: Win2k audit logs - HELP!"
• In reply to: Susan Chan Lee: "[Full-Disclosure] TCP/UDP Data Streams - Packet Reassembly"
• Next in thread: Guy Harris: "Re: [tcpdump-workers] TCP/UDP Data Streams - Packet Reassembly"
• Next in thread: samuelat_private: "Re: TCP/UDP Data Streams - Packet Reassembly"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 19 Dec 2002, Susan Chan Lee wrote:

> Anyone know where to obtain information of re-assembling TCP/UDP data
> streams. 
> 
> I mean I have captured data using Tcpdump (i.e. raw data), how to I
> recombine the data into the orginal word attachment (or like)? Cannot
> seem to find any information anywhere on the technical involved in this.

Well, Ethereal can follow TCP streams, so that is a start ... You might 
have to get your hands dirty in the code to do more :-)

Regards
-----
Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, 
sharpe[at]ethereal.com, http://www.richardsharpe.com


-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

• Next message: samuelat_private: "Re: TCP/UDP Data Streams - Packet Reassembly"
• Previous message: Kolde, Jennifer E.: "RE: Win2k audit logs - HELP!"
• In reply to: Susan Chan Lee: "[Full-Disclosure] TCP/UDP Data Streams - Packet Reassembly"
• Next in thread: Guy Harris: "Re: [tcpdump-workers] TCP/UDP Data Streams - Packet Reassembly"
• Next in thread: samuelat_private: "Re: TCP/UDP Data Streams - Packet Reassembly"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Dec 19 2002 - 19:26:56 PST