extract files from network traffic based on file signatures

tcpxtract is a fast console tool that extracts files from network traffic by matching file header and footer patterns (so-called carving).

tcpxtract currently supports 26 file formats out of the box, and new formats can be added easily. Foremost configurations are simple to convert to tcpxtract configuration files.

tcpxtract uses libpcap, so it can read network dumps generated by tcpdump, Wireshark or similar programs. It is useful in network auditing and in forensic investigations.
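The header/footer carving described above, as an added Python illustration (not tcpxtract's own code or configuration format). The signature table, the size limits and the sample byte stream are constructed for this example; only the JPEG and PNG magic bytes are the formats' standard values.

```python
# Added illustration of header/footer carving; not tcpxtract's implementation.
# name -> (header, footer, max_size). Magic bytes are the standard JPEG/PNG
# markers; the max_size values are arbitrary choices for this example.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9", 1_000_000),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", 1_000_000),
}


def carve(stream, signatures=SIGNATURES):
    """Return (name, offset, data) for each header..footer match, by offset."""
    found = []
    for name, (header, footer, max_size) in signatures.items():
        pos = 0
        while (start := stream.find(header, pos)) != -1:
            # The whole file, footer included, must fit in max_size bytes.
            limit = min(len(stream), start + max_size)
            end = stream.find(footer, start + len(header), limit)
            if end == -1:
                # Truncated transfer or a chance header match: skip it and
                # keep scanning from the next byte.
                pos = start + 1
                continue
            end += len(footer)
            found.append((name, start, stream[start:end]))
            pos = end
    return sorted(found, key=lambda item: item[1])


def sample_stream():
    """Constructed payload: a JPEG, a PNG and a JPEG cut off before its footer."""
    jpg = b"\xff\xd8\xff\xe0" + b"JFIF-body" + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"chunks" + b"IEND\xaeB`\x82"
    truncated = b"\xff\xd8\xff\xe0" + b"cut off"
    stream = b"HTTP/1.1 200 OK\r\n\r\n" + jpg + b"padding" + png + b"\r\n" + truncated
    return stream, jpg, png


if __name__ == "__main__":
    stream, _, _ = sample_stream()
    for name, offset, data in carve(stream):
        print(f"{name} at offset {offset}, {len(data)} bytes")
```

The sketch assumes the bytes of one connection are already contiguous and in order, and it cuts each file at the first footer match, so a format whose footer bytes can also occur inside the file body may be carved short.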

Tags: System Administration: Monitoring, Implemented in: C, User Interface: interface::commandline, protocol::ethernet, Role: Program, Scope: scope::utility, security::log-analyzer, Purpose: Monitoring

