[Dshield] Tool to Reassemble wireshark capture
Jon Kibler
Jon.Kibler at aset.com
Thu Jun 5 04:38:00 GMT 2008
Cox, Shawn wrote:
> Could anyone recommend a tool to parse a Wireshark capture to reconstruct HTTP traffic including images?
>
> --Shawn
A few tools not already mentioned that I have used with great success:
tcpflow -- reconstructs tcp sessions
honeysnap -- from the Honeynet project, extracts many types of data from pcap files
tcpreplay + dsniff tools -- replay a pcap file and grab data using the tools in dsniff.
I have also used chaosreader and tcpxtract, mentioned previously.
All these tools work slightly differently, but all do their intended job well.
Hope this is helpful!
Jon Kibler
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224
My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253