List,

I have a recently acquired tcpdump logfile on my hands. It captured several megabytes of data, including several FTP, SSH and HTTP sessions. In trying to recover files from the sessions captured, I've run into two problems.

1. The SSH data is encrypted, but was captured by a network-wide keystroke logger. (I don't wish to debate the ethics here..)

2. With the FTP sessions, running the tcpdump file through Ethereal allowed me to "Follow TCP Stream" and recover the files transferred perfectly. However, trying to do the same with the HTTP sessions didn't work too well.

My question to the list: What tools/methods are used to manually remove the HTTP headers that prevent the (easy/quick) recovery of files over HTTP? RFCs on the issue, whilst informative, are 20 years old. What does the modern-day homo sapiens forensics investigator do?

Many thanks,

Chris Mawer

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
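As an added example (not part of Chris's post or any reply on the list), the following Python routine takes the server-to-client half of a reassembled TCP stream, such as the raw bytes saved from Ethereal's "Follow TCP Stream", and strips the HTTP/1.x headers and chunked-transfer framing so each response body can be written out as a recovered file. The sample stream is constructed; the function and file names are this example's own.

```python
import gzip

def split_http_responses(stream: bytes):
    """Return (status_line, headers, body) for each HTTP/1.x response in
    `stream`, the reassembled server->client half of one connection; headers
    and chunk framing are stripped and gzip-encoded bodies decompressed."""
    responses, pos = [], 0
    while True:
        end = stream.find(b"\r\n\r\n", pos)
        if end < 0 or not stream.startswith(b"HTTP/", pos):
            break  # no further complete header block in this stream
        lines = stream[pos:end].decode("iso-8859-1").split("\r\n")
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        pos = end + 4  # first byte of the body
        if "chunked" in headers.get("transfer-encoding", "").lower():
            body = bytearray()
            while True:  # each chunk: <hex size>[;ext]CRLF <data>CRLF
                crlf = stream.find(b"\r\n", pos)
                size = int(stream[pos:crlf].split(b";")[0], 16)
                pos = crlf + 2
                if size == 0:
                    break
                body += stream[pos:pos + size]
                pos += size + 2
            # after the last chunk: optional trailer headers, then an empty line
            tail = stream.find(b"\r\n\r\n", pos - 2)
            pos = len(stream) if tail < 0 else tail + 4
        elif "content-length" in headers:
            n = int(headers["content-length"])
            body = stream[pos:pos + n]
            pos += n
        else:  # HTTP/1.0 style: body runs until the server closes the connection
            body, pos = stream[pos:], len(stream)
        if headers.get("content-encoding", "").lower() == "gzip":
            body = gzip.decompress(bytes(body))
        responses.append((lines[0], headers, bytes(body)))
    return responses

# Constructed sample: two responses on one keep-alive connection.
SAMPLE_STREAM = (
    b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 5\r\n\r\nhello"
    b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n4\r\nwiki\r\n5\r\npedia\r\n0\r\n\r\n"
)
if __name__ == "__main__":
    for i, (status, hdrs, body) in enumerate(split_http_responses(SAMPLE_STREAM)):
        with open(f"recovered_{i}.bin", "wb") as f:  # one file per response body
            f.write(body)
```

Feed it the server side of the stream only; the client requests are a separate direction and would otherwise be mistaken for body bytes.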
This archive was generated by hypermail 2b30 : Thu May 08 2003 - 14:49:44 PDT