Hosting Provided By

Re: [tcpdump-workers] TCP/UDP Data Streams - Packet Reassembly

From: Guy Harris <guy(at)netapp.com>
Date: Wed Dec 18 2002 - 14:58:58 EST

On Thu, Dec 19, 2002 at 12:08:27AM +0800, Susan Chan Lee wrote:
> Anyone know where to obtain information of re-assembling TCP/UDP data

There's more to it than just "re-assembling TCP/UDP data streams"; as you said "word attachment", it sounds as if you're talking about e-mail, in which case, for example, reassembling a TCP data stream for an SMTP session would give you the SMTP traffic - but you'd have to extract the stuff sent with the "DATA" command, and then de-MIMEify it to extract the attachments.

Similarly, for a document downloaded with HTTP, reassembly would give you only the HTTP traffic; you'd have to extract the document from that.

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Thu Dec 19 12:38:04 2002

This message: [ Message body ]
Next message: Berg Robin Capt MSG/SO: "RE: Is it possible to recover recently deleted emails from an Out look PST file?"
Previous message: Andrew Rosen: "Clusters and the meaning of life"
In reply to Susan Chan Lee: "TCP/UDP Data Streams - Packet Reassembly"
Next in thread: Martin Hermanowski: "Re: TCP/UDP Data Streams - Packet Reassembly"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:42 EDT