> ngrep is a pure transport layer filter

A little more, but yes.

> dsniff is a pure sniffing tool without ability to save http contents

Then you did not look into all the dsniff tools.

> driftnet is pretty cool. it does just what I want, but supports only so few
> file formats.

Can easily be extended if you need more.

> what did you mean by IIRC? I know it only as an IRC client.

If I Recall Correctly.

> as I said driftnet is almost what I want. but why does the logging software
> have to have knowledge about the file format?

Because of what driftnet is designed to be doing: Online display of what
is currently flowing. Without knowing the file format it cannot display.

> aren't binaries transported over http just mime encoded and that's it?


> can't it just decode it back to binaries and save the mime type as part
> of the filename?

In theory yes.

> I know that e.g. ethereal is capable of restoring the binary data stream
> out of a tcp connection. isn't there a similar tool that can restore
> files transported over http and save them along with their mime type?
> or is there something for ftp transfers?

I don't know of such a tool, but it may well exist somewhere.

It should not be hard to extend driftnet to do this if you like. Should
also not be hard to write one using libnids from scratch.
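
The extraction discussed in this message, as an added example that is not part of the original post: given the server-to-client bytes of one TCP connection that a reassembler such as libnids has already put back in order, it removes the HTTP framing (Content-Length or chunked, plus gzip content encoding) and builds a file name from the Content-Type header. The function names and the sample stream are constructed for illustration.

```python
import gzip
import mimetypes

# Constructed sample: one chunked response whose body is the 8-byte PNG signature.
SAMPLE = (b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n"
          b"Transfer-Encoding: chunked\r\n\r\n"
          b"4\r\n\x89PNG\r\n4\r\n\r\n\x1a\n\r\n0\r\n\r\n")

def dechunk(data):
    """Undo Transfer-Encoding: chunked using the declared chunk sizes."""
    out, pos = bytearray(), 0
    while True:
        eol = data.index(b"\r\n", pos)
        size = int(data[pos:eol].split(b";", 1)[0], 16)
        if size == 0:
            return bytes(out)
        out += data[eol + 2:eol + 2 + size]
        pos = eol + 2 + size + 2  # skip the chunk and its trailing CRLF

def extract_body(stream):
    """Return (mime_type, body) for one HTTP response in a reassembled stream."""
    head, sep, rest = stream.partition(b"\r\n\r\n")
    if not sep or not head.startswith(b"HTTP/"):
        raise ValueError("not a complete HTTP response")
    headers = {}
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.decode("latin-1").partition(":")
        headers[name.strip().lower()] = value.strip()
    if "chunked" in headers.get("transfer-encoding", "").lower():
        body = dechunk(rest)
    elif "content-length" in headers:
        body = rest[:int(headers["content-length"])]
    else:
        body = rest  # no framing header: body runs until the connection closes
    if headers.get("content-encoding", "").lower() == "gzip":
        body = gzip.decompress(body)
    mime = headers.get("content-type", "application/octet-stream")
    return mime.split(";")[0].strip().lower(), body

def output_name(index, mime):
    """Build a file name that carries the MIME type, e.g. 0001_image-png.png."""
    # The Content-Type value comes off the wire, so keep only alphanumerics.
    safe = "".join(c if c.isalnum() else "-" for c in mime)
    return f"{index:04d}_{safe}{mimetypes.guess_extension(mime) or '.bin'}"

if __name__ == "__main__":
    mime, body = extract_body(SAMPLE)
    print(output_name(1, mime), len(body), "bytes")
```

The second chunk of the sample contains a CRLF of its own, which is why the chunk decoder follows the declared sizes instead of splitting on line endings.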