Re: project

From: Martin Mačok (martin.macok@underground.cz)
Date: Wed Jun 04 2003 - 07:34:29 EDT

• Next message: Patrick Webster: "TCP port 41523"
• Previous message: Dan Perez: "RE: Hiding scheduled tasks in 2K/XP"
• In reply to: ashwini ajjappa: "project"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Tue, Apr 29, 2003 at 09:00:46AM -0700, ashwini ajjappa wrote:

> Anyone know where to obtain information of re-assembling TCP/UDP
> data streams.

Search for "tcpflow" (http://www.circlemud.org/) or "ethereal"
(function Follow TCP Stream).

> I mean I have captured data using Tcpdump (i.e. raw data), how to
> I recombine the data into the orginal word attachment (or like)?

Sometimes simple perl/shell/awk scripts do the job when the
application protocol is simple or you can search for Pandora
(http://savannah.nongnu.org/projects/pandora/) or ContExt (Content
Extractor - non-free commercial product, http://www.inetd.com)

> Cannot seem to find any information anywhere on the technical
> involved in this.

Have you searched through forensics@ mailing list archive? Your task
is more from forensics area than from pen-tests ...

-- 
         Martin Mačok                 http://underground.cz/
   martin.macok@underground.cz        http://Xtrmntr.org/ORBman/
---------------------------------------------------------------------------
----------------------------------------------------------------------------

• Next message: Patrick Webster: "TCP port 41523"
• Previous message: Dan Perez: "RE: Hiding scheduled tasks in 2K/XP"
• In reply to: ashwini ajjappa: "project"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:34 EDT