Reconstruct meaningful data from tcpdumps?
Thomas
fwd at gothschlampen.com
Sat Jul 10 11:16:54 UTC 2010
On Fri, Jul 09, 2010 at 11:17:55PM -0600, Modulok wrote:
Hi,
> Is there a way to reconstruct network traffic from a tcpdump file? Or
> something similar? As in: analyze the dump file and attempt to
> re-construct files transferred through http, ftp, known messenger
> protocols, instant message conversations, http requests, web pages,
> and so forth?
>
> There's a bunch of tools on Windows that say they do this to some
> extent or another, but they require a client-side installation, cost a
> lot of money, or are crawling with malicious code. I can read tcpdump
> files, (to an extent) but viewing a hex dump of a jpeg is futile.
Try http://chaosreader.sourceforge.net/
Most probably there is a port of it.
Regards
Thomas
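
The kind of reconstruction asked about above, in miniature. This is an added example, not part of the original post and not chaosreader's code: it rebuilds TCP byte streams from a capture by sequence number and pulls out an HTTP body. The function names and the sample capture are hypothetical; it assumes a classic little-endian pcap (not pcapng) with Ethernet/IPv4 framing and Content-Length framed HTTP.

```python
import struct

def reassemble(pcap):
    """Map (src, sport, dst, dport) -> TCP payload bytes in sequence order."""
    if struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4:
        raise ValueError("expected classic little-endian pcap, not pcapng")
    flows, off = {}, 24                          # 24-byte global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from("<I", pcap, off + 8)[0]
        f, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(f) < 54 or f[12:14] != b"\x08\x00" or f[23] != 6:
            continue                             # keep Ethernet/IPv4/TCP only
        ihl = (f[14] & 0x0F) * 4
        ip = f[14:14 + struct.unpack_from("!H", f, 16)[0]]  # drop link padding
        if len(ip) < ihl + 20:
            continue                             # headers truncated by snaplen
        sport, dport, seq = struct.unpack_from("!HHI", ip, ihl)
        data = ip[ihl + (ip[ihl + 12] >> 4) * 4:]
        if data:                                 # first copy wins on retransmit
            flows.setdefault((ip[12:16], sport, ip[16:20], dport), {}).setdefault(seq, data)
    streams = {}
    for key, segs in flows.items():
        out, nxt = b"", min(segs)
        for seq in sorted(segs):                 # assumes no sequence wrap; gaps not detected
            out += segs[seq][max(nxt - seq, 0):] # trim bytes already emitted
            nxt = max(nxt, seq + len(segs[seq]))
        streams[key] = out
    return streams

def http_body(stream):
    """Body of the first HTTP message in a stream (Content-Length framing only)."""
    head, sep, rest = stream.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:] if sep else []:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length" and value.strip().isdigit():
            return rest[:int(value.strip())]
    return rest if sep else None

def sample_pcap():
    """Constructed capture: one HTTP response in 3 segments, reordered, one resent."""
    msg = b"HTTP/1.1 200 OK\r\nContent-Length: 11\r\n\r\nhello world"
    cap = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for seq, a, b in [(1000, 0, 20), (1040, 40, 99), (1020, 20, 40), (1020, 20, 40)]:
        tcp = struct.pack("!HHIIBBHHH", 80, 40000, seq, 0, 0x50, 0x18, 8192, 0, 0) + msg[a:b]
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         b"\xc0\x00\x02\x01", b"\xc0\x00\x02\x02")
        frame = bytes(12) + b"\x08\x00" + ip + tcp
        cap += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return cap
```

Writing the result of `http_body()` to a file gives the transferred object (a JPEG, for instance) instead of a hex dump of individual packets.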
More information about the freebsd-questions mailing list