Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Snarf files from a sniff dump

from [Jim Morgan] Network Security [Permanent Link]
Subject: RE: Snarf files from a sniff dump
Date: Mon, 27 Feb 2006 10:06:13 +0800
At 25/02/2006 21:00, you wrote: 
I am looking for a tool to snarf files (e.g. Word documents etc.) from a
sniff dump (e.g. ethereal or tcpdump) in an M$ Windows LAN (SMB) or
between a client and a printer (PS, PCL etc.). Does someone know such
tools (I know Dsniff, but it is not exactly what I am looking for)?


http://tcpxtract.sourceforge.net/

tcpxtract is a tool for extracting files from network traffic based on file signatures. Extracting files based on file type headers and footers (sometimes called "carving") is an age old data recovery technique. Tools like Foremost employ this technique to recover files from arbitrary data streams. Tcpxtract uses this technique specifically for the application of intercepting files transmitted across a network. Other tools that fill a similar need are driftnet and EtherPEG. driftnet and EtherPEG are tools for monitoring and extracting graphic files on a network and is commonly used by network administrators to police the internet activity of their users. The major limitations of driftnet and EtherPEG is that they only support three filetypes with no easy way of adding more. The search technique they use is also not scalable and does not search across packet boundries. tcpxtract features the following:
Supports 26 popular file formats out-of-the-box. New formats can be added by simply editing its config file.
With a quick conversion, you can use your old Foremost config file with tcpxtract.
Custom written search algorithm is lightning fast and very scalable.
Search algorithm searches across packet boundries for total coverage and forensic quality.
Uses libpcap, a popular, portable and stable library for network data capture.
Can be used against a live network or a tcpdump formatted capture file.


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Windows Administrator access, security
Next by Date:  Re: Windows Administrator access, intel96
Previous by Thread:  Re: Snarf files from a sniff dump, freed0m [hacktimes.com]
Next by Thread:  Re: Snarf files from a sniff dump, Nagareshwar Talekar
Indexes:  [Date] [Thread] [Top] [All Lists]