Friday, August 28, 2009

Extracting Files from a tcpdump

I'm working as a consultant, pentester and sometimes still as a second-level security guy for a rather huge company.
Occasionally I have to analyze TCP streams, and occasionally I came to a point where I had to extract files out of huge dumps. What I found during my last research about a year ago was not really usable - I hacked together a few lines of Perl to extract exactly what I wanted - this didn't deliver exact files, but was enough to help me solve a problem.

Jim Clausing, one of the more practical guys over at ISC, described the same problem recently and asked the readers of the ISC blog for software that is able to extract files from a pcap dump. People came out with a load of promising solutions:


Not all of them might do exactly what you want - but this is definitely the best overview of pcap file extractors I ever came across.

Tom
