Hosting Provided By

Re: Removing HTTP headers from tcpdump logs

From: George W. Capehart <gwc(at)capehassoc.com>
Date: Wed May 07 2003 - 17:23:39 EDT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 07 May 2003 12:20 pm, Jarkko Turkulainen wrote:
> > My question to the list: What tools/methods are used to manually
> > remove the HTTP headers that prevent the (easy/quick) recovery of
> > files over HTTP?
>
> Text editor! I use the vi editor to edit the TCP session file. Just
> "dd" the headers and the emtpy line after them, and the file is ready
> for recovery. tar might give a warning because of the extra carrier
> return character in the end of the file, but it really works!

If it's a big file, or if you have several, awk or Perl might be more efficient . . .

/g
- --
George W. Capehart

"With sufficient thrust, pigs fly just fine . . ."

RFC 1925

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+uXl1PhMbfSg3fpARAinzAJ45Ofe0YG2vAhfBZ9DaQZbfXquPIwCcCG8V uACExKmM5vVxwenXY0VawZ8=
=WVA6
-----END PGP SIGNATURE-----

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Thu May 8 17:59:57 2003

This message: [ Message body ]
Next message: Chris Mawer: "Removing HTTP headers from tcpdump logs"
Previous message: Kurt Seifried: "Re: Computer Forensics"
In reply to: Jarkko Turkulainen: "Re: Removing HTTP headers from tcpdump logs"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:44 EDT

Do you need help?