[Oisf-users] Strip headers from a data stream

Gene Albin gene.albin at gmail.com
Sat Aug 20 08:15:32 UTC 2011


Hi all,
  This question is just a bit off topic, but I thought that the security
experts here would surely know how to do this.

  We're doing some research here on a large chunck of anonymous network data
and want to strip the protocol headers off of the data in the capture file.
There is a mixture of protocols in the capture files, including ip, tcp and
udp.  Reassembly of the streams doesn't matter.  Just want to get to the
data without any of the protocol header overhead.  There is a LOT of data so
an automated process is preferred over a manual process.

  I've been looking into ngrep as a possibility but am not familiar enough
with how to use it.  Wondering if anyone has any suggestions on how to get
the data out of a captured network stream.  Thanks.

Gene Albin
gene.albin at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20110820/a4643759/attachment-0002.html>


More information about the Oisf-users mailing list