
RE: [tcpdump-workers] TCP/UDP Data Streams - Packet Reassembly

From: Joe Elliott <joe(at)inetd.com>
Date: Wed Dec 18 2002 - 15:41:39 EST


Hello,

Our commercial product ContExt (Content Extractor) will create images/docs from a raw packet stream 7x24 in real-time and handle frags, out of sequence packets etc. It creates web reports of the content and allows searches and tracking of addresses. It's a hardware/software solution packaged as a device. It handles GIG ethernet and 20,000+ concurrent connections.

It supports JPEG/GIF/PNG/Word/Excel/MP3/PDF/PS/POP3/MBOX/PPT/ZIP etc etc formats that you can view from a web page.

See http://www.inetd.com for details. It supports PCAP recordings as well as live traffic.

It's not free, so maybe that's no use to you.

Joe.

-----Original Message-----
From: owner-tcpdump-workers@sandelman.ottawa.on.ca [mailto:owner-tcpdump-workers@sandelman.ottawa.on.ca] On Behalf Of Guy Harris
Sent: Wednesday, December 18, 2002 11:59 AM
To: Susan Chan Lee
Cc: pen-test@securityfocus.com; forensics@securityfocus.com; tcpdump-workers@tcpdump.org
Subject: Re: [tcpdump-workers] TCP/UDP Data Streams - Packet Reassembly

On Thu, Dec 19, 2002 at 12:08:27AM +0800, Susan Chan Lee wrote:
> Anyone know where to obtain information of re-assembling TCP/UDP data


There's more to it than just "re-assembling TCP/UDP data streams"; as you said "word attachment", it sounds as if you're talking about e-mail, in which case, for example, reassembling a TCP data stream for an SMTP session would give you the SMTP traffic - but you'd have to extract the stuff sent with the "DATA" command, and then de-MIMEify it to extract the attachments.

Similarly, for a document downloaded with HTTP, reassembly would give you only the HTTP traffic; you'd have to extract the document from that.
-
This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request@tcpdump.org?body=unsubscribe



This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

Received on Thu Dec 19 12:28:51 2002
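
The steps described in the quoted reply for an already reassembled SMTP stream (take what follows the "DATA" command, then de-MIME it), as an added Python example that is not part of the original thread or of tcpdump. The sample session, addresses, file name and function names are constructed for illustration, and the input is assumed to be the client-to-server half of the stream.

```python
from email import message_from_bytes
from email.policy import default
import base64

DOC = b"constructed stand-in for a Word document"
# Constructed client-to-server bytes of one SMTP session, as a TCP
# reassembler would deliver them (not from a real capture).
SAMPLE_STREAM = (
    b"EHLO client.example\r\nMAIL FROM:<alice@example.com>\r\n"
    b"RCPT TO:<bob@example.com>\r\nDATA\r\n"
    b"From: alice@example.com\r\nTo: bob@example.com\r\n"
    b"Subject: report\r\nMIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\n"
    b"See attached.\r\n..this line began with a single dot\r\n"
    b"--b1\r\nContent-Type: application/msword\r\n"
    b'Content-Disposition: attachment; filename="report.doc"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    + base64.b64encode(DOC) + b"\r\n--b1--\r\n.\r\nQUIT\r\n"
)


def extract_data_payloads(stream: bytes) -> list[bytes]:
    """Return every message body sent after a DATA command, dot-unstuffed."""
    messages, body = [], None
    for line in stream.split(b"\r\n"):
        if body is None:
            if line.strip().upper() == b"DATA":
                body = []              # everything up to the lone "." is the message
        elif line == b".":
            messages.append(b"\r\n".join(body) + b"\r\n")
            body = None                # back to command mode (QUIT, next MAIL, ...)
        else:
            # RFC 5321 4.5.2: the sender doubles a leading dot; drop one
            body.append(line[1:] if line.startswith(b".") else line)
    return messages


def extract_attachments(raw_message: bytes) -> dict[str, bytes]:
    """De-MIME one message and return {filename: decoded bytes}."""
    msg = message_from_bytes(raw_message, policy=default)
    return {
        part.get_filename(): part.get_payload(decode=True)
        for part in msg.walk()
        if part.get_content_disposition() == "attachment"
    }


if __name__ == "__main__":
    for message in extract_data_payloads(SAMPLE_STREAM):
        for name, data in extract_attachments(message).items():
            print(name, len(data), "bytes")
```

File names returned here come straight from the captured traffic, so sanitise them before using them as paths on the analysis host.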

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:42 EDT

