A product that I have used and can vouch for is Iris by eEye. That product has the BEST user interface I have seen on any sniffer. It also has a decode feature so you can capture packets, decode them, and view upper-layer information. For example, for HTTP you can view the HTML or XML that was transported, and it will even show you step by step what was sent back and forth. You can also edit the packet and reinject it into the network. Check out the free trial.

-----Original Message-----
From: Susan Chan Lee [mailto:susan.leeat_private]
Sent: Wednesday, December 18, 2002 8:08 AM
To: pen-testat_private; forensicsat_private; tcpdump-workersat_private
Subject: TCP/UDP Data Streams - Packet Reassembly

Anyone know where to obtain information on re-assembling TCP/UDP data streams? I mean I have captured data using Tcpdump (i.e. raw data); how do I recombine the data into the original Word attachment (or the like)? Cannot seem to find any information anywhere on the technicalities involved in this.

Thanks
Susan Chan Lee
Security Associates - Singapore

*************************************************************
Advanced Hands-On Security in the Arabic Gulf
DefensiveHacking and DefensiveForensics, Qatar January 2003
www.securityassoc.com/DefensiveCourse.pdf
*************************************************************

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
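The reassembly step the question asks about, as an added Python example that is not part of the original thread or of any product named in it: it reads a tcpdump capture, orders each flow's TCP segments by sequence number, and drops retransmitted or overlapping bytes. It assumes a classic little-endian pcap with Ethernet framing and unfragmented IPv4; the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import defaultdict

def tcp_segments(pcap):
    """Yield (flow, seq, flags, payload) per Ethernet/IPv4/TCP frame of a classic little-endian pcap."""
    if struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    off = 24                                            # skip the global header
    while off + 16 <= len(pcap):
        incl_len, = struct.unpack_from("<I", pcap, off + 8)
        frame, off = pcap[off + 16:off + 16 + incl_len], off + 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                    # not IPv4/TCP
        ihl = (frame[14] & 0x0F) * 4
        ip = frame[14:14 + struct.unpack_from("!H", frame, 16)[0]]  # trim Ethernet padding
        if len(ip) < ihl + 20:
            continue                                    # TCP header cut off by snaplen
        sport, dport, seq = struct.unpack_from("!HHI", ip, ihl)
        data_off = (ip[ihl + 12] >> 4) * 4
        yield (ip[12:16], sport, ip[16:20], dport), seq, ip[ihl + 13], ip[ihl + data_off:]

def reassemble(pcap):
    """Return {flow: bytes}: each direction's payload in sequence order, duplicates removed."""
    segs, start = defaultdict(list), {}
    for flow, seq, flags, payload in tcp_segments(pcap):
        if flags & 0x02:                                # SYN consumes one sequence number
            start[flow] = (seq + 1) & 0xFFFFFFFF
        if payload:
            segs[flow].append((seq, payload))
    streams = {}
    for flow, items in segs.items():
        base = start.get(flow, items[0][0])             # no SYN captured: assume first segment seen
        out = bytearray()
        for rel, payload in sorted(((s - base) & 0xFFFFFFFF, p) for s, p in items):
            if rel > len(out):                          # gap: a segment is missing from the capture
                break
            out += payload[len(out) - rel:]             # keep only bytes not already seen
        streams[flow] = bytes(out)
    return streams

def sample_pcap(data=b"GET /report.doc HTTP/1.0\r\n\r\n"):
    """Constructed capture: SYN, then segments out of order with an overlapping retransmit."""
    pkts = [(1000, 0x02, b""), (1001, 0x18, data[:8]), (1017, 0x18, data[16:]),
            (1005, 0x18, data[4:12]), (1009, 0x18, data[8:16])]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for seq, flags, payload in pkts:
        tcp = struct.pack("!HHIIBBHHH", 1234, 80, seq, 0, 0x50, flags, 8192, 0, 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")
        frame = bytes(12) + b"\x08\x00" + ip + tcp
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out
```

UDP has no sequence numbers, so the same capture walk can only return each datagram's payload in arrival order; any ordering has to come from the application protocol carried inside.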
This archive was generated by hypermail 2b30 : Tue Dec 24 2002 - 01:17:31 PST