Re: digital surveillance techniques for forensics/penetration

From: John Daniele (johnd@tsintel.com)
Date: Wed Jan 28 2004 - 17:44:15 EST


Well, Silent Runner was already mentioned. Other commercially
available products include:

ContExt (www.inetd.com),
SessionWall (www.e92plus.com)

A less expensive approach, albeit more manual, would be to script the
interception with Jordan Ritter's ngrep (ngrep.sourceforge.net).

Also, don't forget that tcpdump -x is your friend.

For general packet reassembly tools, search sourceforge or freshmeat!

ttyl,

_________________________________________
John Daniele
President and CEO
Technical Security & Intelligence Inc.
Toronto, ON
Voice: (416) 684-3627
E-mail: johnd@tsintel.com
Web: http://www.tsintel.com
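The "script it yourself" reassembly John points at (ngrep, tcpdump -x) as an added example that is not part of the thread: it decodes raw IPv4/TCP packets, rebuilds one direction of a stream while handling reordering, retransmission, overlap and a missing segment, and carves a JPEG out of the result. The capture is constructed inline; the fake image, addresses, ports and sequence numbers are all assumptions.

```python
import struct

# Constructed sample capture: an HTTP response carrying a tiny fake JPEG (not a real image).
JPEG = b"\xff\xd8\xff\xe0" + b"JFIF-pixels-" * 4 + b"\xff\xd9"
RESPONSE = b"HTTP/1.0 200 OK\r\nContent-Type: image/jpeg\r\n\r\n" + JPEG
ISN = 0x10000000  # server-side initial sequence number, chosen for the sample
FLOW = (bytes([10, 0, 0, 1]), 80, bytes([10, 0, 0, 2]), 40000)  # (src, sport, dst, dport)

def build_packet(seq, payload):
    """Build a raw IPv4+TCP packet for the sample flow (no Ethernet header, zero checksums)."""
    tcp = struct.pack("!HHIIBBHHH", FLOW[1], FLOW[3], seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     FLOW[0], FLOW[2])
    return ip + tcp + payload

def decode_packet(pkt):
    """Parse the IPv4 and TCP headers of a raw packet; return (flow, seq, payload)."""
    ihl, total_len = (pkt[0] & 0x0F) * 4, struct.unpack("!H", pkt[2:4])[0]
    tcp = pkt[ihl:total_len]
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    doff = (tcp[12] >> 4) * 4  # TCP header length in bytes, skips any options
    return (pkt[12:16], sport, pkt[16:20], dport), seq, tcp[doff:]

def reassemble(packets, flow, isn):
    """Rebuild one direction of a TCP stream: reorders segments, drops retransmissions,
    trims overlaps, zero-fills and reports holes. 32-bit sequence wraparound is ignored."""
    segs = [(seq, d) for f, seq, d in map(decode_packet, packets) if f == flow and d]
    stream, gaps, expected = bytearray(), [], isn
    for seq, data in sorted(segs):
        end = seq + len(data)
        if end <= expected: continue  # nothing new: a retransmission
        if seq > expected:  # a segment is missing from the capture
            gaps.append((expected, seq))
            stream.extend(b"\x00" * (seq - expected))
            expected = seq
        stream.extend(data[expected - seq:])  # skip any prefix we already have
        expected = end
    return bytes(stream), gaps

def carve_jpeg(data):
    """Return the first JPEG (SOI marker to EOI marker) in a reassembled stream, or None."""
    start = data.find(b"\xff\xd8\xff")
    end = data.find(b"\xff\xd9", start) if start >= 0 else -1
    return data[start:end + 2] if end >= 0 else None

def demo():
    # 20-byte segments delivered out of order, one retransmitted, one overlapping (bytes 30-45)
    pkts = [build_packet(ISN + i, RESPONSE[i:i + 20]) for i in range(0, len(RESPONSE), 20)]
    capture = pkts[2:] + pkts[:2] + [pkts[1], build_packet(ISN + 30, RESPONSE[30:45])]
    return reassemble(capture, FLOW, ISN)
```

`demo()` returns the byte-exact response and an empty gap list; pass `carve_jpeg` the stream to get the embedded file back.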

On Fri, 23 Jan 2004, Don Parker wrote:

> Hello there, well any old packet sniffer will intercept the data you are looking for
> really. Are you asking if it is possible to rebuild the captured binary transfer of say
> a jpeg, avi, and the such back to its original form? If so then there is no such tool
> to my knowledge which will do that for you.
>
> Cheers
>
> -------------------------------------------
> Don Parker, GCIA
> Intrusion Detection Specialist
> Rigel Kent Security & Advisory Services Inc
> www.rigelksecurity.com
> ph :613.249.8340
> fax:613.249.8319
> --------------------------------------------
>
> On Jan 23, sil <jesus@resurrected.us> wrote:
>
>
> Many commercial packet sniffers can reconstruct packet dumps, sniffit,
> NAI's Sniffer, etc. There was a product out a few years back called
> Hailstorm which offered pretty neat features, I used the beta for about a
> month testing it, but don't recall who made it, nor have I seen any more
> information on it. Iris from eEye also does reconstruction, but haven't
> used it in recent months.
>
> If you're looking for some hardware-based boxes that can do the job and
> then some, check out Niksun's NetDetector (http://www.niksun.com/), or
> Sandstorm's NetIntercept (http://www.sandstorm.com/). But if you're just
> looking for general information on reconstruction, you could probably
> google +"packet sniffer" +reconstruct or any combination of that.
>
> NANOG just had a thread that might have interested you this week: "What's
> the best way to wiretap a network?" which would likely give you a ton of
> ideas of what those in the networking industry are using/doing. Merit.edu
> has the archives somewhere in there (too tired to open a browser sorry.)
>
>
> > Hi List
> >
> > Anyone know of the tool which reconstructs captured data?? For example
> > intercepted email with attachments or ftp data.
> >
> > I saw a flash demo sometime ago at www.sainstitute.org about digital
> > surveillance techniques which they cover in DefensiveForensics and
> > DefensiveHacking. This demo has since been
> > removed :-( any ideas anyone?
> >
> > Thx
> > Kerri
> >
>
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> Quis custodiet ipsos custodes? - Juvenal
>
> J. Oquendo / sil
> GPG Key ID 0x51F9D78D
> Fingerprint 2A48 BA18 1851 4C99 CA22 0619 DB63 F2F7 51F9 D78D
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x51F9D78D
>
> sil @ politrix . org http://www.politrix.org
> sil @ infiltrated . net http://www.infiltrated.net
>
> ---------------------------------------------------------------------------
> ----------------------------------------------------------------------------
>
>
>
> -----------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see:
> http://aris.securityfocus.com
>
>

---------------------------------------------------------------------------
----------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:47 EDT