Evan Hughes
Although network traffic is usually specification-based, and reconstructable by endpoints; there are few tools designed to reconstruct large volumes of application layer data. This talk presents a library called "qcap" designed to reconstruction IP, TCP, and application-layer streams on top of TCP (eg: FTP, SMTP, HTTP, etc) at high speeds on commodity hardware.