Purplestuff

Search strings in PCAPs using TShark and Certutil

Oct 15th, 2019
Usage: Foo.bat FILE.PCAP SEARCHSTRING
If you can do it with TShark, you should use TShark :o)
-----------------------------
@echo off
rem Remove leftovers from a previous run; ignore "file not found" errors
del /q t.hex t.txt results.hex results.txt 2>nul

rem Write the search string to a file; echo appends a space, CR and LF
echo %2 >t.txt

rem 12 = hexstream
rem 8 = hexbytes, for earlier versions of tshark (space separated bytes)
certutil -f -encodehex t.txt t.hex 12

rem Load the hex string and drop the last 6 hex digits (the space, CR, LF from echo)
set /p HEX=<t.hex
set HEX=%HEX:~0,-6%
rem Dump each packet's data field as hex and keep the lines containing the search string
tshark -r "%~1" -T fields -e data "data" | find /i "%HEX%" >results.hex
certutil -f -decodehex results.hex results.txt
notepad results.txt
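
Added example, not part of the original paste: the same search done in Python on bytes instead of hex text, so a match cannot start in the middle of a byte and the separated-bytes output mentioned in the script's comment is handled too. The function names and sample lines are constructed for illustration, and accepting ":" as well as spaces between bytes is an assumption.

```python
import re

HEX_RUN = re.compile(r"[0-9a-fA-F]+")

def parse_data_field(line):
    """Decode one line of `tshark -T fields -e data` output into payloads.

    Handles hexstream ("474554"), separated bytes ("47 45 54" or "47:45:54")
    and several occurrences joined by tshark's default "," aggregator.
    """
    payloads = []
    for field in line.strip().split(","):
        digits = re.sub(r"[:\s]", "", field)
        if len(digits) % 2 == 0 and HEX_RUN.fullmatch(digits):
            payloads.append(bytes.fromhex(digits))
    return payloads

def search_payloads(lines, needle):
    """Byte-level search: (line number, byte offset, payload) per hit."""
    pattern = needle.encode("utf-8")
    hits = []
    for number, line in enumerate(lines, start=1):
        for payload in parse_data_field(line):
            offset = payload.find(pattern)
            if offset != -1:
                hits.append((number, offset, payload))
    return hits

def hex_text_match(lines, needle):
    """Substring match on the hex text, as find /i does in the batch file."""
    hex_needle = needle.encode("utf-8").hex()
    return [n for n, line in enumerate(lines, start=1)
            if hex_needle in line.lower()]

# Constructed sample lines, not taken from a real capture.
SAMPLE = [
    "474554202f6c6f67696e",      # "GET /login"
    "04745540",                  # no "GET"; "474554" only spans nibble boundaries
    "48 45 41 44 20 47 45 54",   # "HEAD GET" as separated bytes
]

if __name__ == "__main__":
    print("hex text match on lines:", hex_text_match(SAMPLE, "GET"))
    for number, offset, payload in search_payloads(SAMPLE, "GET"):
        print(f"line {number}, offset {offset}: {payload!r}")
```

On the sample, the hex text match reports line 2 although its payload does not contain the string, and misses line 3; the byte-level search reports lines 1 and 3.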