Hello,

Our commercial product ContExt (Content Extractor) will create images/docs from a raw packet stream 7x24 in real-time and handle frags, out of sequence packets etc. It creates web reports of the content and allows searches and tracking of addresses. It's a hardware/software solution packaged as a device. It handles GIG ethernet and 20,000+ concurrent connections. It supports JPEG/GIF/PNG/Word/Excel/MP3/PDF/PS/POP3/MBOX/PPT/ZIP etc etc formats that you can view from a web page. See http://www.inetd.com for details. It supports PCAP recordings as well as live traffic.

It's not free, so maybe that's no use to you.

Joe.

-----Original Message-----
From: owner-tcpdump-workersat_private [mailto:owner-tcpdump-workersat_private]On Behalf Of Guy Harris
Sent: Wednesday, December 18, 2002 11:59 AM
To: Susan Chan Lee
Cc: pen-testat_private; forensicsat_private; tcpdump-workersat_private
Subject: Re: [tcpdump-workers] TCP/UDP Data Streams - Packet Reassembly

On Thu, Dec 19, 2002 at 12:08:27AM +0800, Susan Chan Lee wrote:
> Anyone know where to obtain information of re-assembling TCP/UDP data
> streams.
>
> I mean I have captured data using Tcpdump (i.e. raw data), how do I
> recombine the data into the original word attachment (or like)?

There's more to it than just "re-assembling TCP/UDP data streams"; as you said "word attachment", it sounds as if you're talking about e-mail, in which case, for example, reassembling a TCP data stream for an SMTP session would give you the SMTP traffic - but you'd have to extract the stuff sent with the "DATA" command, and then de-MIMEify it to extract the attachments.

Similarly, for a document downloaded with HTTP, reassembly would give you only the HTTP traffic; you'd have to extract the document from that.

-
This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-requestat_private?body=unsubscribe

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
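
The SMTP step described in the reply above (pull out what was sent with DATA, then de-MIME it), as an added example that is not part of the original thread. It assumes the client-to-server TCP stream has already been reassembled; the function names and the sample session are constructed for illustration.

```python
import base64
from email import message_from_bytes, policy


def smtp_data_bodies(client_stream: bytes) -> list[bytes]:
    """Messages sent with DATA in a reassembled client-to-server SMTP stream."""
    bodies, current = [], None  # current is None while reading commands
    for line in client_stream.split(b"\r\n"):
        if current is None:
            if line.strip().upper() == b"DATA":
                current = []
        elif line == b".":  # a lone "." line ends the message
            bodies.append(b"\r\n".join(current) + b"\r\n")
            current = None
        else:
            # Undo SMTP dot-stuffing: the sender doubles a leading ".".
            current.append(line[1:] if line.startswith(b".") else line)
    return bodies  # a message cut off by the end of the capture is dropped


def attachments(message: bytes) -> list[tuple[str, bytes]]:
    """De-MIME one message: (filename, decoded bytes) for each attachment."""
    msg = message_from_bytes(message, policy=policy.default)
    return [(part.get_filename(), part.get_payload(decode=True))
            for part in msg.iter_attachments()]


# Constructed sample: client side of one SMTP session, as reassembled bytes.
PAYLOAD = b"\xd0\xcf\x11\xe0 constructed stand-in for Word document bytes"
SAMPLE = b"\r\n".join([
    b"EHLO client.example", b"MAIL FROM:<a@example.com>",
    b"RCPT TO:<b@example.com>", b"DATA",
    b"Subject: report", b"MIME-Version: 1.0",
    b'Content-Type: multipart/mixed; boundary="XX"', b"",
    b"--XX", b"Content-Type: text/plain", b"",
    b"See attached.", b"..profile is mentioned here",
    b"--XX", b"Content-Type: application/msword",
    b"Content-Transfer-Encoding: base64",
    b'Content-Disposition: attachment; filename="report.doc"', b"",
    base64.b64encode(PAYLOAD),
    b"--XX--", b".", b"QUIT", b"",
])

if __name__ == "__main__":
    for body in smtp_data_bodies(SAMPLE):
        for name, data in attachments(body):
            print(name, len(data), "bytes")
```

Sessions that use the CHUNKING extension (BDAT instead of DATA) are not handled by this sketch.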
This archive was generated by hypermail 2b30 : Thu Dec 19 2002 - 19:29:21 PST