Date: Sat, 10 Jul 2010 13:16:27 +0200 From: Thomas <fwd@gothschlampen.com> To: Modulok <modulok@gmail.com> Cc: "questions@freebsd.org" <questions@freebsd.org> Subject: Re: Reconstruct meaningful data from tcpdumps? Message-ID: <20100710111627.GA24650@gothschlampen.com> In-Reply-To: <AANLkTilJ5yaHT6Q-oW2JUEHmjkTkY19rCXC3uJPZiCGO@mail.gmail.com> References: <AANLkTilJ5yaHT6Q-oW2JUEHmjkTkY19rCXC3uJPZiCGO@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jul 09, 2010 at 11:17:55PM -0600, Modulok wrote: Hi, > Is there a way to reconstruct network traffic from a tcpdump file? Or > something similar? As in: analyze the dump file and attempt to > re-construct files transfered though http, ftp, known messenger > protocols, instant message conversations, http requests, web pages, > and so forth? > > There's a bunch of tools on Windows that say they do this to some > extent or another, but they require a client-side installation, cost a > lot of money, or are crawling with malicious code. I can read tcpdump > files, (to an extent) but viewing a hex dump of a jpeg is futile. Try http://chaosreader.sourceforge.net/ Most probably there is a port of it. Regards Thomas
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100710111627.GA24650>