Extracting Files from a tcpdump

Occasionally I have to analyze TCP streams, and occasionally I came to a point where I had to extract files out of huge dumps. What I found during my last research about a year ago was not really usable - I hacked together a few lines of Perl to extract exactly what I wanted - this didn't deliver exact files, but was enough to help me solve a problem.

Jim Clausing, one of the more practical guys over at ISC, described the same problem recently and asked the readers of the ISC blog for software that is able to extract files from a pcap dump. People came out with a load of promising solutions:

Not all of them might do exactly what you want - but this is definitely the best overview of pcap file extractors I ever came across.
