#!/usr/bin/python
import sys
import subprocess
import os
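# Usage: <script> <capture to extract from> <tshark field to extract>
# Exit with a usage line rather than an IndexError traceback when an argument
# is missing.
if len(sys.argv) < 3:
    sys.exit("usage: " + sys.argv[0] + " <input capture> <field to extract>")
input = sys.argv[1]   # capture the bytes are extracted from
filter = sys.argv[2]  # field name handed to `tshark -e` below

# Capture that checkbytes() searches for the extracted bytes.
compare = "cp2-5000-anon.pcapng"
comparefilter = "tcp.payload"  # not referenced anywhere else in this script
# Window size in characters of the colon-separated hex string built below.
# Each byte occupies three characters ("xx:"), so 54 characters hold 18 bytes.
searchlen = 27*2
searchfile = compare

print("Extracting bytes from "+input+" with filter "+filter)
# Argument list, no shell: the two command-line values reach tshark as single
# argv entries and are never interpreted by a shell.
output = subprocess.check_output(["tshark","-r",input,"-T","fields","-e",filter])

# Reduce tshark's output to one continuous run of hex digits.  Newlines separate
# packets and ':' separates bytes.  tshark also joins repeated occurrences of a
# field within one packet with ',' by default; left in place, a comma would
# shift every later hex pair by one character.
for separator in ('\n', '\r', ',', ':'):
    output = output.replace(separator, '')

# Re-pair the digits as "xx:xx:...".  zip() over one shared iterator consumes
# two characters per step and silently drops a trailing unpaired character.
t = iter(output)
output = ':'.join(a+b for a,b in zip(t, t))
# The reported length counts characters of the colon-separated string, not bytes.
print("Extracted "+str(len(output))+" data "+output[0:30]+"...")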
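def checkbytes(chars):
    """Report whether the byte sequence *chars* occurs in a frame of searchfile.

    chars is a colon-separated string of two-digit hex bytes, for example
    "de:ad:be:ef" (a constructed sample).  It is appended to the tshark display
    filter "frame contains ", and any output from tshark is taken to mean that
    at least one frame matched.  The outcome is printed; nothing is returned.
    """
    # chars is derived from capture contents and becomes part of a display
    # filter expression, so accept hex byte pairs only.  Anything else (text
    # from a non-bytes field, a stray separator) would be read as filter syntax
    # rather than data, and a filter that tshark rejects makes it exit with an
    # error, which check_output raises as CalledProcessError and which would
    # abort the whole scan.
    hexdigits = "0123456789abcdefABCDEF"
    for pair in chars.split(":"):
        if len(pair) != 2 or pair[0] not in hexdigits or pair[1] not in hexdigits:
            # repr() keeps control characters in the rejected text off the terminal.
            print("Skipping non-hex chunk: "+repr(chars[0:11])+"...")
            return

    # Argument list, no shell: the filter reaches tshark as a single argv entry.
    result = subprocess.check_output(["tshark","-r",searchfile,"-Y","frame contains "+chars])
    if result:
        print("Found: "+chars[0:11]+"... in "+searchfile)
    else:
        print("Did not find: "+chars[0:11]+"...")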
# Walk the colon-separated hex string in windows of searchlen characters and
# look each window up in the comparison capture.  The slice stops one character
# short of the window so that it does not end on the separating ':'.
offset = 0
total = len(output)
while offset < total:
    checkbytes(output[offset:offset + searchlen - 1])
    offset += searchlen