Wireshark mailing list archives

Reassembling TCP for a netcat session


From: Atomikramp <atomikramp () email it>
Date: Wed, 9 Jun 2010 16:33:36 +0200

Hello everyone,


I have a question for you :). Do you know if there is a way, using
Wireshark, to reassemble PDUs from a netcat session?


Because I have lots of packets containing a "data" payload that are all part
of the same stream, and I would like to extract and reassemble that payload
for further analysis.


It's an exe file transferred using netcat (actually a reverse connection from
a Metasploit Framework stager), and I'm looking for advice on how to dump
that file from the pcap.


Thanks in advance.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
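
One way to do the reassembly asked about above, as an added example that is not part of the original post: a standard-library Python reader for classic Ethernet pcap files that rebuilds each TCP direction's payload by sequence number. It assumes unfragmented IPv4 without VLAN tags; `sample_pcap`, its addresses and its ports are constructed test input.

```python
import struct

def tcp_segments(pcap):
    """Yield (flow, seq, payload) for each IPv4/TCP segment in a classic Ethernet pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or len(pcap) < 24 or struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap with Ethernet link type")
    off = 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]  # captured length
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                   # not IPv4 carrying TCP
        ip = frame[14:14 + struct.unpack(">H", frame[16:18])[0]]  # drops Ethernet padding
        tcp = ip[(frame[14] & 0x0F) * 4:]
        payload = tcp[(tcp[12] >> 4) * 4:] if len(tcp) >= 20 else b""
        if payload:
            sport, dport, seq = struct.unpack(">HHI", tcp[:8])
            yield (ip[12:16], sport, ip[16:20], dport), seq, payload

def reassemble(pcap):
    """Return {flow: bytes}: each direction's payload in sequence order, duplicates removed."""
    flows = {}
    for flow, seq, payload in tcp_segments(pcap):
        first, segs = flows.setdefault(flow, (seq, {}))
        rel = (seq - first + 2**31) % 2**32 - 2**31    # signed offset, survives seq wraparound
        if len(payload) > len(segs.get(rel, b"")):     # keep the longest copy of a retransmission
            segs[rel] = payload
    out = {}
    for flow, (_, segs) in flows.items():
        base, data = min(segs), bytearray()
        for rel in sorted(segs):
            start = rel - base
            if start > len(data):
                raise ValueError(f"capture is missing {start - len(data)} bytes in {flow}")
            data += segs[rel][len(data) - start:]      # skip bytes already covered by overlap
        out[flow] = bytes(data)
    return out

def sample_pcap(chunks):
    """Constructed capture: one flow, segments written in the order given as (seq, payload)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for seq, payload in chunks:
        ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                         bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9]))
        tcp = struct.pack(">HHIIBBHHH", 5000, 40000, seq, 0, 0x50, 0x18, 8192, 0, 0)
        frame = bytes(12) + b"\x08\x00" + ip + tcp + payload
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out
```

On a real capture, call `reassemble(open(path, "rb").read())` and write out the flow whose bytes begin with `MZ`. In the Wireshark GUI, Follow TCP Stream with the raw view saved to a file gives the same bytes.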
