[Oisf-users] Strip headers from a data stream
Edward Fjellskål
edwardfjellskaal at gmail.com
Sat Aug 20 15:00:07 UTC 2011
$ tcpflow -Cr your.pcap
(for tcp connections...)
(does not reassemble stream)
On 08/20/2011 10:15 AM, Gene Albin wrote:
> Hi all,
> This question is just a bit off topic, but I thought that the security
> experts here would surely know how to do this.
>
> We're doing some research here on a large chunk of anonymous network
> data and want to strip the protocol headers off of the data in the
> capture file. There is a mixture of protocols in the capture files,
> including ip, tcp and udp. Reassembly of the streams doesn't matter.
> Just want to get to the data without any of the protocol header
> overhead. There is a LOT of data so an automated process is preferred
> over a manual process.
>
> I've been looking into ngrep as a possibility but am not familiar
> enough with how to use it. Wondering if anyone has any suggestions on
> how to get the data out of a captured network stream. Thanks.
>
> Gene Albin
> gene.albin at gmail.com
>
>
>
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
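Added example, not part of the original thread: a standard-library Python sketch of the per-packet header stripping asked about above, with no stream reassembly. It assumes a classic (non-pcapng) capture with Ethernet framing and IPv4; the function name, sample addresses and sample capture are constructed for illustration.

```python
import struct

def payloads(pcap: bytes):
    """Yield (proto, data) per IPv4 TCP/UDP packet of a classic Ethernet pcap, headers removed."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet link type (1) is handled")
    off = 24                                  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                          # not plain IPv4 (ARP, IPv6, VLAN tag)
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        total_len, frag = struct.unpack("!H", ip[2:4])[0], struct.unpack("!H", ip[6:8])[0]
        if ihl < 20 or frag & 0x1FFF:
            continue                          # malformed, or a later fragment with no L4 header
        seg = ip[ihl:total_len]               # total length trims Ethernet padding
        if ip[9] == 6 and len(seg) >= 20:     # TCP: header length from the data-offset nibble
            hdr, name = (seg[12] >> 4) * 4, "tcp"
        elif ip[9] == 17 and len(seg) >= 8:   # UDP: fixed 8-byte header
            hdr, name = 8, "udp"
        else:
            continue
        if hdr >= (20 if name == "tcp" else 8) and seg[hdr:]:
            yield name, seg[hdr:]

def _record(proto, l4_header, data):
    """Build one constructed pcap record: Ethernet + IPv4 + L4 header + data."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4_header) + len(data),
                     0, 0, 64, proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    frame = (b"\x00" * 12 + b"\x08\x00" + ip + l4_header + data).ljust(60, b"\x00")
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

# Constructed sample capture: one TCP packet, one UDP packet, one empty TCP ACK.
TCP_HDR = struct.pack("!HHIIBBHHH", 1234, 80, 0, 0, 0x50, 0x18, 8192, 0, 0)
UDP_HDR = struct.pack("!HHHH", 1234, 53, 8 + 5, 0)
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + _record(6, TCP_HDR, b"GET /") + _record(17, UDP_HDR, b"hello")
          + _record(6, TCP_HDR, b""))

if __name__ == "__main__":
    for proto, data in payloads(SAMPLE):
        print(proto, data)
```

For a real capture, pass the file's bytes, for example `payloads(open("your.pcap", "rb").read())`; very large files would need the records read incrementally rather than loaded whole.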