Reconstruct meaningful data from tcpdumps?

Modulok modulok at gmail.com
Sat Jul 10 05:18:10 UTC 2010


Is there a way to reconstruct network traffic from a tcpdump file? Or
something similar? As in: analyze the dump file and attempt to
re-construct files transferred through http, ftp, known messenger
protocols, instant message conversations, http requests, web pages,
and so forth?

There's a bunch of tools on Windows that say they do this to some
extent or another, but they require a client-side installation, cost a
lot of money, or are crawling with malicious code. I can read tcpdump
files (to an extent), but viewing a hex dump of a jpeg is futile.

If that makes any sense.
Thanks guys!


More information about the freebsd-questions mailing list