Reconstruct meaningful data from tcpdumps?
modulok at gmail.com
Sat Jul 10 05:18:10 UTC 2010
Is there a way to reconstruct network traffic from a tcpdump file? Or
something similar? As in: analyze the dump file and attempt to
re-construct files transfered though http, ftp, known messenger
protocols, instant message conversations, http requests, web pages,
and so forth?
There's a bunch of tools on Windows that say they do this to some
extent or another, but they require a client-side installation, cost a
lot of money, or are crawling with malicious code. I can read tcpdump
files, (to an extent) but viewing a hex dump of a jpeg is futile.
If that makes any sense.
More information about the freebsd-questions