Monday, June 15, 2015

tshark and pcapline from Wesley McGrew

I came across a situation where I wanted to separate out the TCP streams of a pcap, and I found a couple of solutions that met my needs.  The first uses tshark; I found it at the following link and have adapted and saved the bash script below:



#!/bin/bash

# This script separates a pcap into one file per tcp.stream
# Adapted from the script found at https://ask.wireshark.org/questions/4677/easy-way-to-save-tcp-streams
# Check to see if the argument for the pcap file has been supplied
if [ $# -eq 0 ]; then
	echo "Usage: ./script.sh file.pcap"
	echo
	exit 1
else
	pcapFile="$1"
fi

# Create the output directory if it does not exist
outputDir="output"
if [ ! -d "$outputDir" ]; then
	mkdir "$outputDir"
fi

# Separate the streams into separate files.
# Non-TCP packets print an empty tcp.stream field; the word splitting of $(...) drops those empty lines.
for stream in $(tshark -r "$pcapFile" -T fields -e tcp.stream | sort -n | uniq)
do
	tshark -r "$pcapFile" -w "$outputDir/stream-$stream.cap" -Y "tcp.stream==$stream"
done



The second script was pcapline by Wesley McGrew.  I made only one change, fixing the title tag in the HTML so that the output renders correctly in Chrome and Firefox.  The original code is located here, and I have placed the version with my change on my drive here.
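The tshark loop above does the grouping for you; as an added example (mine, not code from this post or from pcapline) here is the same split done by hand in Python on the raw pcap bytes, so the stream numbering and the both-directions-in-one-file behaviour are visible. It assumes the classic little-endian libpcap format with an Ethernet link type and untagged IPv4; pcapng files are rejected, VLAN-tagged and IPv6 frames are skipped, and the sample capture is constructed inline rather than taken from any real traffic.

```python
import struct

PCAP_HDR = struct.Struct("<IHHiIII")  # magic, major, minor, thiszone, sigfigs, snaplen, linktype
REC_HDR = struct.Struct("<IIII")      # ts_sec, ts_usec, incl_len, orig_len

def tcp_key(frame):
    """Direction-independent {(ip, port), (ip, port)} key for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # need the IPv4 ethertype and a full IP header
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[23] != 6 or len(frame) < 14 + ihl + 4:     # IP protocol must be TCP and the ports must be present
        return None
    sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    return frozenset({(frame[26:30], sport), (frame[30:34], dport)})

def split_streams(pcap_bytes):
    """One pcap (bytes) per TCP stream, numbered by first appearance, as tshark's tcp.stream does for a simple capture."""
    ghdr = pcap_bytes[:PCAP_HDR.size]
    magic, *_, linktype = PCAP_HDR.unpack(ghdr)
    if magic not in (0xA1B2C3D4, 0xA1B23C4D) or linktype != 1:  # rejects big-endian pcap and pcapng
        raise ValueError("expected a little-endian pcap with Ethernet link type")
    streams, off = {}, PCAP_HDR.size
    while off + REC_HDR.size <= len(pcap_bytes):
        rec = pcap_bytes[off:off + REC_HDR.size]
        incl_len = REC_HDR.unpack(rec)[2]
        frame = pcap_bytes[off + REC_HDR.size:off + REC_HDR.size + incl_len]
        off += REC_HDR.size + incl_len
        key = tcp_key(frame)
        if key is not None:  # non-TCP frames are dropped, just as the tshark loop leaves them out
            streams.setdefault(key, bytearray(ghdr)).extend(rec + frame)
    return [bytes(s) for s in streams.values()]

# Constructed sample capture (not real traffic): minimal 54-byte Ethernet/IPv4/TCP-shaped frames, no payload.
def make_frame(src, sport, dst, dport, proto=6):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0, bytes(src), bytes(dst))
    l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 0xFFFF, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + l4  # zero MAC addresses, IPv4 ethertype

def build_pcap(frames):
    out = bytearray(PCAP_HDR.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
    for i, f in enumerate(frames):
        out += REC_HDR.pack(i, 0, len(f), len(f)) + f
    return bytes(out)

A, B, C, D = (10, 0, 0, 1), (10, 0, 0, 2), (10, 0, 0, 3), (10, 0, 0, 4)
SAMPLE_PCAP = build_pcap([
    make_frame(A, 40000, B, 80), make_frame(B, 80, A, 40000),  # stream 0: both directions share one key
    make_frame(C, 40001, D, 443),                               # stream 1
    make_frame(A, 40000, B, 80, proto=17),                      # UDP-marked frame: not TCP, dropped
    make_frame(A, 40000, B, 80)])                               # stream 0 again
```

Each returned bytes object is a complete pcap (global header plus records), so writing them to stream-0.pcap, stream-1.pcap and so on gives files that tshark and Wireshark open directly.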
