Re: Removing HTTP headers from tcpdump logs

From: Jarkko Turkulainen (jtat_private)
Date: Wed May 07 2003 - 09:20:58 PDT

Next message: George W. Capehart: "Re: Removing HTTP headers from tcpdump logs"

Previous message: Amarante, Rodrigo P.: "RE: Finding root-kits on Windows"
In reply to: Chris Mawer: "Removing HTTP headers from tcpdump logs"
Next in thread: George W. Capehart: "Re: Removing HTTP headers from tcpdump logs"
Reply: George W. Capehart: "Re: Removing HTTP headers from tcpdump logs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> My question to the list: What tools/methods are used to manually remove the
> HTTP headers that prevent the (easy/quick) recovery of files over HTTP?

Text editor! I use the vi editor to edit the TCP session file. Just "dd"
the headers and the emtpy line after them, and the file is ready for
recovery. tar might give a warning because of the extra carrier return
character in the end of the file, but it really works!


Best regards,

--
Jarkko Turkulainen <jtat_private>







-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: George W. Capehart: "Re: Removing HTTP headers from tcpdump logs"
Previous message: Amarante, Rodrigo P.: "RE: Finding root-kits on Windows"
In reply to: Chris Mawer: "Removing HTTP headers from tcpdump logs"
Next in thread: George W. Capehart: "Re: Removing HTTP headers from tcpdump logs"
Reply: George W. Capehart: "Re: Removing HTTP headers from tcpdump logs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu May 08 2003 - 14:58:01 PDT