Mr Bartlett Blogs

TSHARKIN'

12/15/2011

Wrote a quick BATCH file (because Windows was all that was available) to use TSHARK to parse through some capture files. The script below will parse out DNS info, HTTP information, IP stat information, TCP/UDP information, and protocol type information. When run, the batch file will create a directory (using the filename) and create the output files in the created directory:
:: usage: tshark_ALL.bat <FILENAMEOFCAPTURE>.pcap
@ECHO OFF

echo "###########READY TO PARSE#########"
echo "#######CREATING OUTPUT DIRECTORY######"
mkdir %1_DIR


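echo "########Running DNS Extractions######"
:: -R is the read filter on the tshark release this was written for; newer releases accept -R only together with -2, so use -Y "udp.port == 53" there
"c:\Program Files\Wireshark\tshark.exe" -r %1 -R "udp.port == 53" -T fields -E separator=#  -e frame.time -e ip.src_host -e ip.dst_host -e ip.proto -e dns.qry.name > %1_DIR\dnstraffic.%1.txt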


echo "#######Running WEB Extractions######"
"c:\Program Files\Wireshark\tshark.exe" -r %1 -T fields -E separator=#  -e frame.time -e ip.src_host -e ip.dst_host -e ip.proto -e tcp.srcport -e tcp.dstport -e http.user_agent -e http.request.method -e http.host -e http.request.uri > %1_DIR\httptraffic.%1.txt


echo "#######Running HTTP REQUEST Extractions######"
"c:\Program Files\Wireshark\tshark.exe" -r %1 -T fields -E separator=#  -e http.host -e http.request.uri > %1_DIR\http_requests.%1.txt

echo "#######IP STAT FILE CREATION####"
"c:\Program Files\Wireshark\tshark.exe" -r %1 -q  -z ip_hosts,tree > %1_DIR\ipstats.%1.txt

echo "#####TCP CONVERSATION FILE CREATION####"
"c:\Program Files\Wireshark\tshark.exe" -r %1 -q  -z conv,tcp > %1_DIR\tcpconvo.%1.txt

echo "#####UDP CONVERSATION FILE CREATION####"
"c:\Program Files\Wireshark\tshark.exe" -r %1 -q  -z conv,udp > %1_DIR\udpconvo.%1.txt

echo "#####ETH CONVERSATION FILE CREATION####"
"c:\Program Files\Wireshark\tshark.exe" -r %1 -q  -z conv,eth > %1_DIR\ethconvo.%1.txt

echo "#####Protocol Types CONVERSATION FILE CREATION####"
"c:\Program Files\Wireshark\tshark.exe" -r %1 -q  -z ptype,tree > %1_DIR\ptypes.%1.txt

:: The three HTTP statistics trees are appended to a single httpstats file
echo "#####HTTP INFO FILE CREATION####"
echo "#####HTTP TREE SECTION####" > %1_DIR\httpstats.%1.txt
"c:\Program Files\Wireshark\tshark.exe" -r %1 -q  -z http,tree >> %1_DIR\httpstats.%1.txt

echo "#####HTTP REQUEST TREE SECTION####" >> %1_DIR\httpstats.%1.txt
"c:\Program Files\Wireshark\tshark.exe" -r %1 -q  -z http_req,tree >> %1_DIR\httpstats.%1.txt

echo "#####HTTP SERVER TREE SECTION####" >> %1_DIR\httpstats.%1.txt
"c:\Program Files\Wireshark\tshark.exe" -r %1 -q  -z http_srv,tree >> %1_DIR\httpstats.%1.txt

echo "##FINISHED PARSING###"

Tshark Reference Links:
http://www.packetlevel.ch/html/tshark/tsharkfilt.html
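
A follow-on step for the dnstraffic file the batch produces, as an added example that is not part of the original post: a Python parser for the `#`-separated layout (frame.time, ip.src_host, ip.dst_host, ip.proto, dns.qry.name) that counts packets per queried name and lists the hosts that sent them. The sample lines are constructed, and the function names are this example's own.

```python
from collections import Counter, defaultdict

# Column order written by the DNS extraction step (-T fields -E separator=#).
FIELDS = ("time", "src", "dst", "proto", "qname")

# Constructed sample lines in that layout (not from a real capture).
SAMPLE = [
    "Dec 15, 2011 10:01:02.000001000#10.0.0.5#10.0.0.1#17#www.example.com\r\n",
    "Dec 15, 2011 10:01:02.020001000#10.0.0.1#10.0.0.5#17#www.example.com\r\n",
    "Dec 15, 2011 10:01:07.000001000#10.0.0.7#10.0.0.1#17#WWW.Example.com\r\n",
    "Dec 15, 2011 10:01:09.000001000#10.0.0.7#10.0.0.1#17#mail.example.org\r\n",
    "Dec 15, 2011 10:01:11.000001000####\r\n",      # packet with empty ip/dns fields
    "Dec 15, 2011 10:01:12.000001000#10.0.0.7\r\n",  # truncated line
]


def parse_line(line):
    """Return a dict for one record, or None if the line is unusable."""
    # maxsplit keeps any '#' inside the last field from shifting columns.
    parts = line.rstrip("\r\n").split("#", len(FIELDS) - 1)
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if not rec["src"] or not rec["qname"]:
        return None
    # DNS names are case-insensitive; fold case and drop a trailing dot.
    rec["qname"] = rec["qname"].lower().rstrip(".")
    return rec


def summarize(lines):
    """Return (packets per name, sources per name, skipped line count)."""
    per_name = Counter()
    sources = defaultdict(set)
    skipped = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        # The udp.port == 53 filter keeps queries and responses, so a
        # lookup normally counts twice and the resolver shows up as a source.
        per_name[rec["qname"]] += 1
        sources[rec["qname"]].add(rec["src"])
    return per_name, {n: sorted(s) for n, s in sources.items()}, skipped


if __name__ == "__main__":
    counts, srcs, skipped = summarize(SAMPLE)
    for name, n in counts.most_common():
        print(f"{n:4d}  {name}  {', '.join(srcs[name])}")
    print(f"skipped {skipped} line(s)")
```
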


    Author

    Security Researcher with about 20 years in the Computer Security Field. Going to talk even if no one is listening..

    email: mrbartlett <at> mrbartlett.com
