This repository contains scripts and resources for analyzing a pcap file using tcpdump. It includes general commands for working with tcpdump and a specific analysis script that examines a given pcap file.
- `tcpdump.sh` → Contains general tcpdump commands that can be used for packet capturing, filtering, and analysis.
- `pcap_analysis.sh` → A script that specifically analyzes the pcap file and extracts relevant network traffic information.
- `screenshots/` → Contains screenshots of important command outputs from the analysis.
The pcap file used for analysis was obtained from:
<https://github.com/MalwareCube/SOC101/blob/main/course_files/02_Network_Security.zip>
Thank you to TCM Security for providing this pcap file.
Note: The pcap file is not included in this repository.
- Ensure `tcpdump` is installed: `sudo apt-get install tcpdump`
- To view general tcpdump commands: `cat tcpdump.sh`
- To run the pcap file analysis script: `bash pcap_analysis.sh`
- Refer to the `screenshots/` folder for captured results.
### The screenshots below show the commands and their output