File Carving with EH/RX


#1

I’ve seen info about precision packet capture being used to capture files off the wire.
Does anyone know if there is a way to do file carving/reconstruction with normal triggers?

For instance, if I want to passively pull all files of a specific filetype out of a pcap stream to a file server and forward it somewhere else for analysis, how would I go about that?

Thanks!