search
githubEdit

Pcap Analysis

hashtag
Extract Information from a Pcap File

hashtag
Extract Credentials

hashtag
Pcredz

Install Pcredz

apt install python3-pip && sudo apt-get install libpcap-dev && pip3 install Cython && pip3 install python-libpcap

# extract credentials from a pcap file
python3 ./Pcredz -f file-to-parse.pcap

# extract credentials from all pcap files in a folder
python3 ./Pcredz -d /tmp/pcap-directory-to-parse/

# extract credentials from a live packet capture on a network interface (need root privileges)
python3 ./Pcredz -i eth0 -v
Pcredz Example

hashtag
Ngrep

Install ngrep

If you are looking for something inside the pcap you can use ngrep. Here is an example using the main filters:

Ngrep Example

hashtag
Extract Information

hashtag
Scapy

hashtag
More Scapy Commands

summary()

displays a list of summaries of each packet

nsummary()

same as previous, with the packet number

conversations()

displays a graph of conversations

show()

displays the preferred representation (usually nsummary())

filter()

returns a packet list filtered with a lambda function

hexdump()

returns a hexdump of all packets

hexraw()

returns a hexdump of the Raw layer of all packets

padding()

returns a hexdump of packets with padding

nzpadding()

returns a hexdump of packets with non-zero padding

plot()

plots a lambda function applied to the packet list

make_table()

displays a table according to a lambda function

hashtag
REFERENCES

PreviousNetwork ForensicsNextWindows Forensics

Last updated