Reconstruct meaningful data from tcpdumps?
freebsd at celestial.com
Sat Jul 10 06:29:53 UTC 2010
On Fri, Jul 09, 2010, Modulok wrote:
>Is there a way to reconstruct network traffic from a tcpdump file? Or
>something similar? As in: analyze the dump file and attempt to
>re-construct files transferred through http, ftp, known messenger
>protocols, instant message conversations, http requests, web pages,
>and so forth?
I like the tcpflow program for things like this. Its command
syntax is very similar to tcpdump, but I find it much more useful
as it creates a file for each side of a tcp conversation
containing the traffic.
This can be very handy when debugging things like IMAP
I have also used it to capture web pages that I couldn't save in
a browser to see what was actually being sent.
INTERNET: bill at celestial.com Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
Voice: (206) 236-1676 Mercer Island, WA 98040-0820
Fax: (206) 232-9186 Skype: jwccsllc (206) 855-5792
Guns are no more responsible for killing people than the spoon is
responsible for making Rosie O'Donnell fat.