Skip to content

freshvolk/BittorrentReconstituter

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

289 Commits

docs

docs

 
 

file_reconstituter

file_reconstituter

 
 

pcap_parser

pcap_parser

 
 

sample_pcaps

sample_pcaps

 
 

.gitignore

.gitignore

 
 

Doxyfile

Doxyfile

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

README

README

 
 

driver.cpp

driver.cpp

 
 

Repository files navigation

BitTorrent-Reconstituter is the work of Charlie Moore, Aaron Lovato, and Thomas
Coppi for the CS 489 Network Forensics class.

This program can be run on live input or a .pcap file.  It will parse out the
BitTorrent files that were transferred and reconstruct them.  If a torrent file
is specified, it will break the files up appropriately and give them the correct
filenames.  Otherwise it'll output one big file whose filename is the checksum
of its contents.  This big file will be all the other files concatenated
together.  They must be cut up manually if we don't have the torrent file,
because there is no way for us to know the file boundries without it.

===--------------------------------------------------------------------------===

Requirements
------------
A POSIX compatible system is required, as well as the boost, pcap, and OpenSSL
libraries. We have tested on Linux and Mac OS X.

Compilation
-----------
To build the project for most configurations, run make with no targets, which
will create an executable named "btfinder".  The following targets are also
available:
  tags: build vi style tags
  goodtags: build emacs style tags
  apidocs: generate doxygen autodocs
  clean: remove generated files

Usage: ./btfinder [options] <input files>
  The input files can be any number of pcap files and possibly the accompanying
  torrent files.  If torrent files are specified, the program will attempt to
  match them with the pcap files for verification and file splitting.

Example usage:
./btfinder ./sample_pcaps/mippo.pcap ./sample_pcaps/mippo-creative_v92.mp3.torrent

Options:
  The '=' in the long form for any of these options is optional.

  --help
    Show a help message describing these options

  --interface[=]<iface>, -i <iface>
    Specify the interface you want to listen for live input.  Offline processing
    will not be done with this mode.

  --input-file[=]<filename>, -r <filename>
    Specify filenames for offline processing.  Any non-pcap/torrent files will
    be ignored.  This option doesn't work if -i was specified as well.  Any
    extra arguments at the end will be added as an input file as well

About

Reconstitutes transmitted bittorrent files from a network capture

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published