RE: Snarf files from a sniff dump

From: Jim Morgan (peripatetic@myrealbox.com)
Date: Sun Feb 26 2006 - 21:06:13 EST


At 25/02/2006 21:00, you wrote:
>I am looking for a tool to snarf files (e.g. Word documents etc.) from a
>sniff dump (e.g. ethereal or tcpdump) in an M$ Windows LAN (SMB) or
>between a client and a printer (PS, PCL etc.). Does someone know such
>tools (I know Dsniff, but it is not exactly what I am looking for)?

http://tcpxtract.sourceforge.net/

tcpxtract is a tool for extracting files from network traffic based
on file signatures. Extracting files based on file type headers and
footers (sometimes called "carving") is an age old data recovery
technique. Tools like Foremost employ this technique to recover files
from arbitrary data streams. Tcpxtract uses this technique
specifically for the application of intercepting files transmitted
across a network. Other tools that fill a similar need are driftnet
and EtherPEG. driftnet and EtherPEG are tools for monitoring and
extracting graphic files on a network and is commonly used by network
administrators to police the internet activity of their users. The
major limitations of driftnet and EtherPEG is that they only support
three filetypes with no easy way of adding more. The search technique
they use is also not scalable and does not search across packet
boundries. tcpxtract features the following:
Supports 26 popular file formats out-of-the-box. New formats can be
added by simply editing its config file.
With a quick conversion, you can use your old Foremost config file
with tcpxtract.
Custom written search algorithm is lightning fast and very scalable.
Search algorithm searches across packet boundries for total coverage
and forensic quality.
Uses libpcap, a popular, portable and stable library for network data capture.
Can be used against a live network or a tcpdump formatted capture file.

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:34 EDT