Comments on JeiTV: File Carving pcap files (feed updated 2011-07-14T14:28:57.243-07:00)

jei, 2011-02-18T09:04:10.274-08:00:

Unfortunately we ended our Xbox Live account shortly after this blog due to moving. But I have seen a lot of VoIP based carving. Chat messages are fairly easy to do when using something like foremost as it will try to extract all text strings. The best way I have found is either opening the file in Wireshark and setting the filter to the chat protocol such as "MSNMSG" or something close to that. Also using tcpreplay has allowed me to do live re-captures of certain packets in other applications. For example there are a few Windows-only programs for instant messenger sniffing, so I can replay the packets from Linux into an interface connected to a hub and the Windows machine (plugged into the same hub) will pick up on the conversations. With any luck later this year I will get a chance to do more playing around. Check out IronGeek.com for videos on VoIP and other network items. His site is a bit old school, but his videos are top notch.

Unknown, 2011-02-18T06:43:18.128-08:00:

Hi Jei,

Did you ever get anywhere with carving Xbox Live audio chat or text chat out of pcaps? I'm also interested in recording VoIP convos from my Xbox and think that capturing packets for later reconstruction might be a good way to do it.

Cheers!

Erik, 2009-06-11T08:26:45.217-07:00:

A great tool to extract and reassemble files sent with HTTP, FTP, TFTP or SMB is Network Miner (http://networkminer.sourceforge.net/).

Just open a pcap file and all transferred files are extracted to the "Files" tab in NetworkMiner. There is also a driftnet-like functionality under the "Images" tab that shows all images that are transferred with any of these protocols.

NetworkMiner is available here:
http://sourceforge.net/projects/networkminer