Comments on Infosec Potpourri: Extracting gzipped or Unix script files from pcap data
DavidJBianco

C.S.Lee, 2006-07-24 14:09 (-04:00):

I think we can add those signatures to improve the tcpxtract signature database. I have actually added the other two at the link here -

http://geek00l.blogspot.com/2006/04/tcpxtract-addon.html

By the way, I think we can just avoid the false positive by filtering out SSL traffic with BPF, since normally it is just encrypted and it is meaningless to run tcpxtract kind of tools on it; it is more suitable to use tcpxtract on generic network traffic indeed.

Cheers :]