I'm working as a consultant, pentester and sometimes still as a second-level security guy for a rather huge company.
Occasionally I have to analyze TCP streams, and occasionally I came to a point where I had to extract files out of huge dumps. What I found during my last research about a year ago was not really usable - I hacked together a few lines of Perl to extract exactly what I wanted - this didn't deliver exact files, but was enough to help me solve a problem.
Jim Clausing, one of the more practical guys over at ISC, described the same problem recently and asked the readers of the ISC blog for software that is able to extract files from pcap dumps. People came up with a load of promising solutions:
* NetworkMiner http://networkminer.sourceforge.ne/
* tcpxtract http://tcpxtract.sourceforge.net/
* bro http://www.bro-ids.org/
* foremost http://foremost.sourceforge.net/
* Chaosreader http://chaosreader.sourceforge.net/
* tcptrace http://www.tcptrace.org/
* tcpick http://tcpick.sourceforge.net/
* xtract.py http://www.malforge.com/npeid/xtract.py
Not all of them might do exactly what you want - but this is definitely the best overview of pcap file extractors I ever came across.
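As an added illustration of what these extractors do under the hood (example code, not part of the original post or of any tool listed above): a pure-Python reader that walks a libpcap file, reassembles each TCP flow by sequence number (including out-of-order and overlapping retransmitted segments), and carves a PNG from the reassembled stream. It assumes a little-endian pcap with Ethernet framing; the capture it parses is constructed inline, and the PNG in it is a stand-in rather than a real image.

```python
import struct
from collections import defaultdict
PNG_MAGIC, PNG_END = b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"   # PNG signature / IEND chunk

def tcp_segments(pcap):
    """Yield (flow, seq, payload) for every data-carrying TCP segment in the capture."""
    off = 24     # skip global header; assumes little-endian libpcap with Ethernet link type
    while off + 16 <= len(pcap):
        incl_len = struct.unpack("<I", pcap[off + 8:off + 12])[0]
        pkt, off = pcap[off + 16:off + 16 + incl_len], off + 16 + incl_len
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue                                # not IPv4 over Ethernet, or not TCP
        ip = pkt[14:]
        tcp = ip[(ip[0] & 0x0F) * 4:]               # IHL -> start of TCP header
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        payload = tcp[(tcp[12] >> 4) * 4:]          # data offset -> start of payload
        if payload:
            yield (ip[12:16], sport, ip[16:20], dport), seq, payload

def reassemble(pcap):
    """Order each flow's segments by sequence number, trimming retransmitted overlap."""
    flows = defaultdict(list)
    for flow, seq, payload in tcp_segments(pcap):
        flows[flow].append((seq, payload))
    streams = {}
    for flow, segs in flows.items():
        buf, expected = b"", None
        for seq, payload in sorted(segs):
            if expected is not None and seq < expected:   # overlaps data already kept
                payload, seq = payload[expected - seq:], expected
            buf += payload
            expected = seq + len(payload)
        streams[flow] = buf
    return streams

def carve_png(stream):
    """Return the first complete PNG in a reassembled stream, or None."""
    start = stream.find(PNG_MAGIC)
    end = stream.find(PNG_END, start) if start != -1 else -1
    return None if end == -1 else stream[start:end + len(PNG_END)]
def _pkt(seq, payload):
    """Constructed pcap record: Ethernet/IPv4/TCP 10.0.0.1:80 -> 10.0.0.2:4321 (test data)."""
    tcp = struct.pack("!HHIIBBHHH", 80, 4321, seq, 0, 0x50, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, b"\n\0\0\1", b"\n\0\0\2") + tcp
    frame = b"\0" * 12 + b"\x08\x00" + ip           # zero MACs, EtherType IPv4
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
FAKE_PNG = PNG_MAGIC + b"<chunks>" + PNG_END          # constructed stand-in, not a real image
BODY = b"HTTP/1.0 200 OK\r\n\r\n" + FAKE_PNG
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + _pkt(1031, BODY[31:]) \
    + _pkt(1000, BODY[:19]) + _pkt(1027, BODY[27:35]) + _pkt(1019, BODY[19:31])   # out of order + overlap
```

Running `carve_png` over each value of `reassemble(SAMPLE_PCAP)` yields the embedded PNG once; on a real capture you would write each carved object to disk and compare hashes against what the server actually sent.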
Tom