Is there a way to......

[dpellegrini]

Is there a way to recreate the data in a capture into it's original format? For example: You are monitoring e-mail traffic, suspecting that company secrets are being leaked by e-mail. How could you recreate an e-mail and any attachments from a capture? Are there utilities that can rebuild the captured packets?
Domenick Pellegrini
dpellegrini@yahoo.com

 

[alail]

Sniffer doesn't do that, but Iris does

 

[fortunat]

If you use Ethereal (free) and open the Sniffer TRace, you can select 'follow TCP Stream'.

Not pretty but may help out. 'Making things work better; bit by bit.'

 

[AZeemeri]

Indeed, I've seen IRIS doing a good job in that

 

[dpellegrini]

I'll check it out. Thanks
Domenick Pellegrini
dpellegrini@yahoo.com

 

[jkeeper]

Where can i find more information about IRIS?

Jkeeper

 

[CDron]

The vendor for Iris is eEye Digital Security. go to http:\\

http://www.eeye.com

 

[fortunat]

You might want to look at App Dancer

http://www.appdancer.com.

Really cool presentation of showing you the exact email, webpage, streaming video or audio.

It can read trace files or capture itself.

There's a free download on their site with a time limited version, but fully functional.

Regards 'Making things work better; bit by bit.'

 

[wybnormal]

Appdancer looks very cool... yet another toy to play with in my spare time ;-)

MikeS
Find me at

http://www.packetattack.com

"Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots."
Sun Tzu

 

[olddataguy]

Try the AppDancer/FA
It shows the e-mail and other important applications on the fly.
It is able to monitor as well as capture data.
You can alos replay captured Sniffer files and see tha e-mail content in e-mail format.
And much more.
Try downloading at AppDancer.com, then replay your Sniffer files -.cap, .enc...etc