Ethereal-users: Re: [ethereal-users] How to reconstruct a file from Packets?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Shaun Clowes <shaman@xxxxxxxxxxxxxxxxxx>
Date: Sun, 16 Jul 2000 20:28:35 +1000 (EST)
> Thanks for your previous help with packet sniffers. Can you give me a step
> by step instruction on how exactly I go about RECONSTRUCTING a file from
> the packets I sniff.... I have done a lot of research on this but have not
> come up with a concrete method of doing this.....Say I send a 5KB
> attachment through hotmail..... how do I reconstruct that file and the
> E-mail from the packets I sniff..... It should be possible.... if anyone
> has ACTUALLY done something like this...please help me....I've been trying
> to do this for almost 45 days now... I need HELP!

This really depends on what you're trying to do. Ethereal certainly isn't
suitable for it in its current state (as Guy said). If it's intercepting
mail on the local network, which is by the way illegal if it's not your own
mail you're sniffing, you'll find mailsnarf in the dsniff package available
from www.packetfactory.net to be perfect. If it's other web traffic, you'll
need to hack up something yourself quickly using libnids, an awesome
little TCP connection defragmenter based on Linux kernel code. Hacking up
the sample program provided with the library to do almost anything is
exceptionally easy.

That said, if you don't feel comfortable hacking around in C, don't
bother :(

Cheers,
Shaun