tcpxtract
tcpxtract is a tool for extracting files from network traffic based on file signatures. Extracting files based on file type headers and footers (sometimes called 'carving') is an age old data recovery technique. Tools like Foremost employ this technique to recover files from arbitrary data streams. Tcpxtract uses this technique specifically for the application of intercepting files transmitted across a network. Other tools that fill a similar need are driftnet and EtherPEG. Driftnet and EtherPEG are tools for monitoring and extracting graphic files on a network and are commonly used by network administrators to police the internet activity of their users. The major limitations of driftnet and EtherPEG are that they only support three file types with no easy way of adding more. The search technique they use is also not scalable and does not search across packet boundaries. Tcpxtract features the following: Supports 26 popular file formats out-of-the-box. New formats can be added by simply editing its config file. With a quick conversion, you can use your old Foremost config file with tcpxtract. Custom written search algorithm is lightning fast and very scalable. Search algorithm searches across packet boundaries for total coverage and forensic quality. Uses libpcap, a popular, portable, and stable library.
FEATURES
SIMILAR TOOLS
A free, open-source network protocol analyzer for capturing and displaying packet-level data.
A Bluetooth 5 and 4.x sniffer using TI CC1352/CC26x2 hardware with advanced features and Python-based host-side software.
WiGLE.net is a platform that collects and provides data on WiFi networks and cell towers, with over 1.3 billion networks collected.
Tor Browser is a free and open-source software that allows users to browse the internet anonymously and privately.
A suite for man in the middle attacks, featuring sniffing of live connections, content filtering, and protocol dissection.
Unfurl is a URL analysis tool that extracts and visualizes data from URLs, breaking them down into components and presenting the information visually.
A TCP-based traceroute implementation that bypasses firewall filters to trace the path to a destination.
Snort is an open source intrusion prevention system that uses rules to detect and prevent malicious network activity.
Suricata offers real-time intrusion detection, intrusion prevention, and network monitoring.
PINNED
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.
NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.