You might not believe this, but this tool has helped me a lot in my security endeavors. Recently, I was auditing a network for a customer. We were told that we could carry out an almost black-hat type of assessment on his network, on the condition that we did not take it down completely! He wanted it to be extensive and thought that his network was impregnable.
As with everything mechanical and human, everything is very much exploitable! We were doing pretty much everything, right from sniffing his traffic to DoS attacks. We were finding it difficult to reconstruct the files that we had sniffed. I used TcpXtract, and all our problems were resolved!
It is a Linux-based tool that reads a tcpdump-format capture file or live traffic off the wire and carves files out of the TCP streams based on their headers and footers, the same technique Foremost applies to dd images and disk partitions. We could reconstruct text files, images and MS Excel documents that were being sent over the network! One of the files was an un-passworded MS Excel document with a list of all the internal devices, including critical information such as their IOS versions. Another file sent across was a password file for their internal mail relay servers!
TcpXtract was inspired by another program, Foremost. Though TcpXtract is meant to be used as a network forensics tool, we did not use it in that direction. The only problem this tool has given us to date is that it won't process large media files: JPEGs, BMPs, MPEGs, AVIs, etc. I hope the author fixes this flaw someday!
Features:
- Supports 26 popular file formats out-of-the-box. New formats can be added by simply editing its config file.
- You can also use your old Foremost config file with tcpxtract.
- Its search algorithm is lightning fast and very scalable.
- The search algorithm can search across packet boundaries for total coverage and forensic quality.
- Uses libpcap, a popular, portable and stable library for network data capture.
- Can be used against a live network or a tcpdump formatted capture file.
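As an added illustration (not tcpxtract's own code), the following Python reimplements the carving idea behind those features: it parses a signature table in the Foremost-style layout tcpxtract's config uses, reassembles out-of-order TCP segments, and then searches the whole stream for header/footer pairs, so a signature split across two packets is still found. The config text, packet payloads and the JPEG- and PDF-like blobs are constructed for the demo; only the magic bytes (JFIF, GIF89a, `%PDF`) are the real values.

```python
# Added demo of header/footer carving over a reassembled TCP stream, the
# technique tcpxtract applies. Not the tool's code; all data is constructed.
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed table in the Foremost/tcpxtract config layout:
#   extension  case(y/n)  max_size  header  [footer]   (\xNN escapes)
SAMPLE_CONFIG = r"""
# ext  case  size     header                     footer
jpg    y     200000   \xff\xd8\xff\xe0\x00\x10   \xff\xd9
gif    y     5000000  \x47\x49\x46\x38\x39\x61   \x00\x3b
pdf    n     5000000  %PDF                       %EOF
"""

@dataclass
class Signature:
    ext: str
    case_sensitive: bool
    max_size: int
    header: bytes
    footer: Optional[bytes]

def decode_sig(token: str) -> bytes:
    """Turn a token such as '\\xff\\xd8' or '%PDF' into raw bytes."""
    out, i = bytearray(), 0
    while i < len(token):
        if token.startswith("\\x", i) and i + 4 <= len(token):
            out.append(int(token[i + 2:i + 4], 16))
            i += 4
        else:
            out.append(ord(token[i]))
            i += 1
    return bytes(out)

def parse_config(text: str) -> List[Signature]:
    """Parse signature lines; blanks and '#' comments are skipped."""
    sigs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            raise ValueError(f"malformed signature line: {line!r}")
        ext, case, size, header = fields[:4]
        footer = decode_sig(fields[4]) if len(fields) > 4 else None
        sigs.append(Signature(ext, case.lower() == "y", int(size),
                              decode_sig(header), footer))
    return sigs

def reassemble(packets: List[Tuple[int, bytes]]) -> bytes:
    """Order segments by relative seq number and join them (gaps and
    retransmissions are not handled; the demo does not need them)."""
    return b"".join(p for _, p in sorted(packets, key=lambda s: s[0]))

def carve(stream: bytes, sigs: List[Signature]) -> List[Tuple[str, bytes]]:
    """Return (ext, data) per header hit, cut at the footer or max_size."""
    found = []
    for sig in sigs:
        # Case-insensitive signatures match on a lowercased copy; bytes.lower()
        # only touches ASCII letters, so offsets into `stream` line up.
        hay = stream if sig.case_sensitive else stream.lower()
        head = sig.header if sig.case_sensitive else sig.header.lower()
        foot = sig.footer
        if foot is not None and not sig.case_sensitive:
            foot = foot.lower()
        start = hay.find(head)
        while start != -1:
            end = min(len(stream), start + sig.max_size)
            if foot is not None:
                fpos = hay.find(foot, start + len(head), end)
                if fpos != -1:
                    end = fpos + len(foot)
            found.append((sig.ext, stream[start:end]))
            start = hay.find(head, end)
    return found

# Constructed HTTP response carrying a JPEG-like then a PDF-like blob;
# only the magic bytes are real, the bodies are dummy data.
FAKE_JPG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 24 + b"\xff\xd9"
FAKE_PDF = b"%PDF-1.4\nconstructed body\n%%EOF"
HTTP_HDR = b"HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\n\r\n"
STREAM = HTTP_HDR + FAKE_JPG + b"\r\n" + FAKE_PDF

# Segment so both headers straddle a boundary, and deliver out of order.
CUT1 = len(HTTP_HDR) + 3                  # splits ff d8 ff | e0 00 10
CUT2 = len(HTTP_HDR) + len(FAKE_JPG) + 4  # splits %P | DF
PACKETS = [(CUT1, STREAM[CUT1:CUT2]), (0, STREAM[:CUT1]), (CUT2, STREAM[CUT2:])]

def demo():
    """Per-packet carving (no reassembly) versus carving the whole stream."""
    sigs = parse_config(SAMPLE_CONFIG)
    per_packet = [hit for _, p in PACKETS for hit in carve(p, sigs)]
    return per_packet, carve(reassemble(PACKETS), sigs)

if __name__ == "__main__":
    naive, full = demo()
    print("per-packet hits:", [e for e, _ in naive])            # []
    print("reassembled hits:", [(e, len(d)) for e, d in full])  # [('jpg', 37), ('pdf', 31)]
```

Run it directly: the per-packet pass finds nothing because both headers straddle a segment boundary, while the reassembled pass recovers the JPEG and the PDF intact. With the real tool the equivalent run is `tcpxtract -f capture.pcap -c tcpxtract.conf -o out/` (confirm the flags with `tcpxtract -h` for your build). Note that the third column of the config caps how many bytes are carved per hit, so a file larger than that limit comes out truncated; raising it for the media types you care about is worth checking before concluding that a format is unsupported.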
Pretty neat for an open source application I must say!
The latest version is 1.5.5, which was released on October 14 2008.
Download it here.