Date: Fri, 9 Jul 2010 23:00:06 -0700
From: Bill Campbell <freebsd@celestial.com>
To: freebsd-questions@freebsd.org, "questions@freebsd.org" <questions@freebsd.org>
Subject: Re: Reconstruct meaningful data from tcpdumps?
Message-ID: <20100710060006.GA11325@ayn.mi.celestial.com>
In-Reply-To: <AANLkTilJ5yaHT6Q-oW2JUEHmjkTkY19rCXC3uJPZiCGO@mail.gmail.com>
References: <AANLkTilJ5yaHT6Q-oW2JUEHmjkTkY19rCXC3uJPZiCGO@mail.gmail.com>

On Fri, Jul 09, 2010, Modulok wrote:
>Is there a way to reconstruct network traffic from a tcpdump file? Or
>something similar? As in: analyze the dump file and attempt to
>re-construct files transferred through http, ftp, known messenger
>protocols, instant message conversations, http requests, web pages,
>and so forth?

I like the tcpflow program for things like this. Its command syntax is
very similar to tcpdump, but I find it much more useful as it creates a
file for each side of a tcp conversation containing the traffic.

This can be very handy when debugging things like IMAP connections. I
have also used it to capture web pages that I couldn't save in a browser
to see what was actually being sent.

Bill
--
INTERNET: bill@celestial.com    Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice: (206) 236-1676           Mercer Island, WA 98040-0820
Fax: (206) 232-9186             Skype: jwccsllc (206) 855-5792

Guns are no more responsible for killing people than the spoon is
responsible for making Rosie O'Donnell fat.
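
Added example, not part of the message above and not tcpflow's own code: a small Python reassembler showing the "one file per side of a TCP conversation" idea on a constructed capture, with each direction named after the pattern tcpflow uses for its output files. It assumes a classic little-endian pcap with Ethernet/IPv4 framing, no sequence-number wraparound and no lost segments; the helper names and the sample packets are made up for the illustration.

```python
import struct
from collections import defaultdict

def _pkt(src, sport, dst, dport, seq, payload):
    """Build one Ethernet/IPv4/TCP frame (constructed sample data, checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def sample_pcap():
    """Constructed capture: one HTTP exchange whose response segments arrive out of order."""
    c, s = ("192.168.1.2", 40000), ("10.0.0.1", 80)
    frames = [_pkt(*c, *s, 1000, b"GET / HTTP/1.0\r\n\r\n"),
              _pkt(*s, *c, 5019, b"<html>hi</html>"),
              _pkt(*s, *c, 5000, b"HTTP/1.0 200 OK\r\n\r\n")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def _ip(raw):
    return ".".join("%03d" % b for b in raw)  # zero-padded octets, as in tcpflow file names

def reassemble(pcap):
    """Return {flow name: payload bytes}, one entry per direction of each TCP connection."""
    if struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian classic pcap is handled here")
    segs, off = defaultdict(dict), 24  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]  # captured length of this record
        frame, off = pcap[off + 16: off + 16 + incl], off + 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4 carrying TCP
        t = 14 + (frame[14] & 0x0F) * 4  # start of the TCP header
        if len(frame) < t + 20:
            continue  # truncated TCP header
        ip_len = struct.unpack_from("!H", frame, 16)[0]
        sport, dport, seq = struct.unpack_from("!HHI", frame, t)
        data = frame[t + (frame[t + 12] >> 4) * 4: 14 + ip_len]
        if data:
            name = "%s.%05d-%s.%05d" % (_ip(frame[26:30]), sport, _ip(frame[30:34]), dport)
            segs[name].setdefault(seq, data)  # first copy wins, so retransmissions are ignored
    # Order each direction by sequence number (no wraparound or gap handling in this example).
    return {n: b"".join(s[k] for k in sorted(s)) for n, s in segs.items()}
```

Writing each returned value to a file named by its key gives the same layout the message describes: the request side and the response side of the conversation end up in separate files.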