This is a real story. I spent about 30 mins composing and posting a thoughtful message to an online forum. Upon hitting submit, something broke and the server returned an error. Hitting the back button or pressing refresh did not work. After a burst of profanity, I recalled that we have a full capture NSM tool (Trisul) running in our company. In a little $500 appliance, capturing every flow, URL, and packet our two ISP connections see.
I was able to recover my message within 1 minute.
This little 4-minute screencast shows you how to
- Pull up list of URLs
- Use the form to filter POST requests to specific server
- Pull out PCAPs into a reconstruction tool like Unsniff Network Analyzer
- Locate data in reconstructed (ie, unzipped, dechunked) content
Please excuse the poor audio and the developers voice !
The next post will be about automating this whole process using Ruby and Trisul Remote Protocol.