Results 1 to 8 of 8

Thread: Ripping images from ethereal captures?

  1. #1
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130

    Ripping images from ethereal captures?

    I am currently investigating an ethereal capture file somewhere in the range of 3 MB. What I am looking for is a tool which will extract all the image files in that capture file that were fully transferred during that time.

    Perhaps a tool which would rebuild each conversation and save them all as HTML files would work, since the image data would no longer be fragmented (hey - I need a tool that does that, too)

    Does anyone know of a tool like this, which could rebuild fragmented image files (such as the case with an ethereal capture) from unrelated media?
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

  2. #2
    Junior Member
    Join Date
    Aug 2003
    Posts
    28
    I don't know of any tool that can take packets captured by ethereal and turn them into files
    but I do know of one that will capture packets and turn them into files NetworkActiv PIAFCTM

  3. #3
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    Nope... it won't load another file. It won't even recognize the individual packets if I FTP it to myself. I know this program exists. I just need help finding it.
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

  4. #4
    Junior Member
    Join Date
    Aug 2003
    Posts
    28
    I thought you meant http data packets, not ftp. The program i mentioned only works with http data packets, sorry i didn't mention that.

  5. #5
    Senior Member deftones12's Avatar
    Join Date
    Jan 2003
    Location
    cali forn i a
    Posts
    333
    cant u do it urself? i have ethereal too and doesnt it show the raw data of the packet? shouldt u just be able to put that in a text file and save it with the extention u think it has and whalla u have the picture or program? i dunno its a far shot but if the data is right there in plain site u should be able to copy paste and compile.

  6. #6
    Senior Member
    Join Date
    Jul 2003
    Posts
    114
    deftones
    You can't just copy the data out of ethereal. Close, but not quite. First off, ethernet packets are small - 1.5K a piece, so the image will be split up among the packets. You can probably swing this using a hex editor, though.

    Striek
    If you feel like a bit of hacking, the source for etherpeg might be a good place to start. It listens to network traffic and extracts the images that flow by. (Which is pretty close to what you're looking for.)

  7. #7
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    Yes, I can extract the images individually, but that would take days. Ethereal does have the abilitiy to reconstruct conversations.

    However, I am looking at over a thousand images. To extract them all manually would take weeks.
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

  8. #8
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    Maybe it would help if you stated what your attempting to do because to me it sounds like your trying to intercept images someone else is downloading. If that’s the case and you’re the admin, install a caching proxy. If not, depending on your network configuration, maybe you could set yourself up as a man in the middle posing as the gateway with a cashing proxy. It might just be easier to get a shell on the machine and dir /s *.jpg or whatever from c:\

    If this isn’t the case then you have a reason to state your purpose.

    If its essential that the data be extracted from that time you might investigate making or having someone make a perl script to extract binary data by packet and merging it into single files. im going to search around and see if one already exists. if i find one ill let you know.



    this looks like it'll do it:

    http://packetstormsecurity.nl/Exploi...ve/dumptcplink

    # This script has the same command line interface as tcpdump since it's fed # directly to tcpdump :-). The output is a bunch of files containing the tcp # data and can be quite useful when you need to reconstruct the original data. # eg a .gif file.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •