Saturday, May 9, 2020

Using TShark For Continuous Packet Monitoring and Packet Intelligence

If you are already capturing your packets and are trying to figure out how to best use these PCAP files and the data in them, I have released a python package consisting of two scripts to help you gain intelligence from the packets. The primary script "" retrieves IP addresses, Domains, URLS, http host information along with TLS Server Name Indication information and compares this to data in your existing PCAPs.

To learn more about this package, checkout the project repository on GitHub:

No comments:

Post a Comment