On Fri, Jul 14, 2000 at 11:47:42AM -0500, tarun@xxxxxxxxxxxxx wrote:
>
> Hi Guy,
>
> Thanks for your previous help with packet sniffers. Can you give me a step
> by step instruction on how exactly I go about RECONSTRUCTING a file from
> the packets I sniff.... I have done a lot of research on this but have not
> come up with a concrete method of doing this.....Say I send a 5KB
> attachment through hotmail..... how do I reconstruct that file and the
> E-mail from the packets I sniff..... It should be possible.... if anyone
> has ACTUALLY done something like this...please help me....I've been trying
> to do this for almost 45 days now... I need HELP!

It _is_ possible, but we have no tool to do this. I want Ethereal to
be able to do this, but it cannot do so yet.

The "Follow TCP" function in Ethereal will reconstruct the packets,
so you can get the TCP data stream. There's no way to save it yet.

If you were able to save the TCP data stream, you'd have a file which
included the headers of whatever protocol it is that's running on top
of TCP, like HTTP, plus the data.

So then, you'd have to hand-edit the file to remove those headers.
Then depending on how the file is transmitted (e.g., base64 encoded),
you might have to do further processing to retrieve the file.

Sorry, but our tool can't do it yet.

--gilbert
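
The two steps described in the reply above (remove the protocol headers from a saved TCP data stream, then undo any transfer encoding such as base64), as an added Python example that is not part of the original message or of Ethereal. The sample stream, host name and file name are constructed, and the code assumes the stream holds one complete, non-chunked HTTP message.

```python
import base64
from email import message_from_bytes

def split_http(stream: bytes):
    """Separate the start line, header block and body of one HTTP message."""
    head, sep, body = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no header/body boundary: truncated or not HTTP")
    start_line, _, headers = head.partition(b"\r\n")
    return start_line, headers, body

def extract_parts(stream: bytes):
    """Return [(name, bytes)] for every body part carried in the stream."""
    _, headers, body = split_http(stream)
    # HTTP header syntax matches MIME header syntax, so once the request or
    # status line is dropped the stdlib email parser can split multipart bodies.
    msg = message_from_bytes(headers + b"\r\n\r\n" + body)
    parts = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # container only; its children are visited by walk()
        name = (part.get_filename()
                or part.get_param("name", header="content-disposition")
                or "body.bin")
        # decode=True undoes base64 or quoted-printable when the part declares
        # it in Content-Transfer-Encoding; otherwise raw bytes are returned.
        parts.append((name, part.get_payload(decode=True)))
    return parts

# Constructed sample: a form upload whose file part is base64 encoded.
SAMPLE = (
    b"POST /upload HTTP/1.0\r\n"
    b"Host: mail.example\r\n"
    b"Content-Type: multipart/form-data; boundary=XX\r\n"
    b"\r\n"
    b"--XX\r\n"
    b'Content-Disposition: form-data; name="subject"\r\n'
    b"\r\n"
    b"hello\r\n"
    b"--XX\r\n"
    b'Content-Disposition: form-data; name="file"; filename="note.txt"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    + base64.b64encode(b"attached file contents\n") + b"\r\n"
    b"--XX--\r\n"
)

if __name__ == "__main__":
    for name, data in extract_parts(SAMPLE):
        print(name, len(data), "bytes")
```

A body compressed with Content-Encoding or sent with chunked transfer encoding needs that layer removed before this step.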