tcpxtract is a tool for extracting files from network traffic based on file signatures. Extracting files based on file type headers and footers (sometimes called 'carving') is an age old data recovery technique. Tools like Foremost employ this technique to recover files from arbitrary data streams. Tcpxtract uses this technique specifically for the application of intercepting files transmitted across a network. Other tools that fill a similar need are driftnet and EtherPEG. Driftnet and EtherPEG are tools for monitoring and extracting graphic files on a network and are commonly used by network administrators to police the internet activity of their users. The major limitations of driftnet and EtherPEG are that they only support three file types with no easy way of adding more. The search technique they use is also not scalable and does not search across packet boundaries. Tcpxtract features the following: Supports 26 popular file formats out-of-the-box. New formats can be added by simply editing its config file. With a quick conversion, you can use your old Foremost config file with tcpxtract. Custom written search algorithm is lightning fast and very scalable. Search algorithm searches across packet boundaries for total coverage and forensic quality. Uses libpcap, a popular, portable, and stable library.