Date: Sat, 10 Jul 2010 13:16:27 +0200
From: Thomas
To: Modulok
Cc: "questions@freebsd.org"
Subject: Re: Reconstruct meaningful data from tcpdumps?
Message-ID: <20100710111627.GA24650@gothschlampen.com>

On Fri, Jul 09, 2010 at 11:17:55PM -0600, Modulok wrote:

Hi,

> Is there a way to reconstruct network traffic from a tcpdump file? Or
> something similar? As in: analyze the dump file and attempt to
> re-construct files transferred through http, ftp, known messenger
> protocols, instant message conversations, http requests, web pages,
> and so forth?
>
> There's a bunch of tools on Windows that say they do this to some
> extent or another, but they require a client-side installation, cost a
> lot of money, or are crawling with malicious code. I can read tcpdump
> files, (to an extent) but viewing a hex dump of a jpeg is futile.

Try http://chaosreader.sourceforge.net/

Most probably there is a port of it.

Regards
Thomas