[Oisf-users] Strip headers from a data stream

Edward Fjellskål edwardfjellskaal at gmail.com
Sat Aug 20 15:00:07 UTC 2011

$ tcpflow -Cr your.pcap

(for tcp connections...)
(does not reassemble stream)

On 08/20/2011 10:15 AM, Gene Albin wrote:
> Hi all,
>   This question is just a bit off topic, but I thought that the security
> experts here would surely know how to do this.
>   We're doing some research here on a large chunck of anonymous network
> data and want to strip the protocol headers off of the data in the
> capture file.  There is a mixture of protocols in the capture files,
> including ip, tcp and udp.  Reassembly of the streams doesn't matter. 
> Just want to get to the data without any of the protocol header
> overhead.  There is a LOT of data so an automated process is preferred
> over a manual process.
>   I've been looking into ngrep as a possibility but am not familiar
> enough with how to use it.  Wondering if anyone has any suggestions on
> how to get the data out of a captured network stream.  Thanks.
> Gene Albin
> gene.albin at gmail.com <mailto:gene.albin at gmail.com>
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users

More information about the Oisf-users mailing list