Network Traffic Analysis

Basic PCAP File Parsing

require 'packetfu'
# Load the capture and parse its frames into a list of PacketFu packets.
packets = PacketFu::PcapFile.read_packets('packets.pcap')

Download the packets.pcap file.

Find FTP Credentials

#!/usr/bin/env ruby
require 'packetfu'

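# Print every FTP USER/PASS command found in a capture file.
#
# Usage: <script> <capture.pcap>
#
# FTP sends its control channel (TCP port 21) unencrypted, which is why the
# credentials can be read directly from the TCP payload.
pcap_file = ARGV[0]
abort "Usage: #{$PROGRAM_NAME} <capture.pcap>" if pcap_file.nil? || pcap_file.empty?

packets = PacketFu::PcapFile.read_packets(pcap_file)

packets.each do |packet|
  # A capture usually also contains ARP, UDP, ICMP, ... frames. The tcp_* and
  # ip_* accessors raise on those, so skip anything that is not IPv4 + TCP.
  next unless packet.is_ip? && packet.is_tcp?
  # Only client-to-server traffic on the FTP control port is of interest.
  next unless packet.tcp_dport == 21
  next unless packet.payload.match?(/(USER|PASS)/)

  # ip_src / ip_dst are 32-bit integers; render them as dotted quads.
  src = [packet.ip_src].pack('N').unpack('C4').join('.')
  dst = [packet.ip_dst].pack('N').unpack('C4').join('.')
  puts "#{src} => #{dst}"
  # print, not puts: the payload is emitted exactly as captured.
  print packet.payload
end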

Returns (FTP sends the USER and PASS commands unencrypted, which is why they are readable in the capture)

192.168.2.127 => 192.168.2.128
USER ayoi
192.168.2.127 => 192.168.2.128
PASS kambingakuilang

Download the ftp.pcap file.
