Saturday, May 9, 2020

Using TShark For Continuous Packet Monitoring and Packet Intelligence

If you are already capturing your packets and are trying to figure out how best to use these PCAP files and the data in them, I have released a Python package consisting of two scripts to help you gain intelligence from the packets. The primary script, "pktIntel.py", retrieves IP addresses, domains, URLs and HTTP host information, along with TLS Server Name Indication information, and compares this to data in your existing PCAPs.

To learn more about this package, check out the project repository on GitHub: https://github.com/SecurityNik/pktIntel
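
The kind of comparison described above, as an added example: this is not code from pktIntel and does not show how that package is implemented. The function names, sample rows and indicator values are constructed for illustration; the field names are standard Wireshark display-filter fields.

```python
import subprocess

# tshark display-filter fields for the indicator types the post lists.
FIELDS = ["ip.src", "ip.dst", "dns.qry.name", "http.host",
          "http.request.full_uri", "tls.handshake.extensions_server_name"]

def tshark_cmd(pcap):
    """Build the tshark command that emits one tab-separated row per packet."""
    cmd = ["tshark", "-n", "-r", pcap, "-T", "fields",
           "-E", "separator=/t", "-E", "occurrence=a", "-E", "aggregator=/s"]
    for field in FIELDS:
        cmd += ["-e", field]
    return cmd

def match_rows(rows, indicators):
    """Return sorted (field, value) pairs whose value is in the indicator set."""
    # Normalise case and trailing dots so "CDN.Example.org." equals "cdn.example.org".
    wanted = {i.strip().lower().rstrip(".") for i in indicators if i.strip()}
    hits = set()
    for row in rows:
        cols = row.rstrip("\r\n").split("\t")
        for field, cell in zip(FIELDS, cols):
            # A field occurring several times in one packet is space-aggregated.
            for value in cell.split():
                if value.lower().rstrip(".") in wanted:
                    hits.add((field, value))
    return sorted(hits)

def scan_pcap(pcap, indicators):
    """Run tshark over one capture file and match its output (needs tshark on PATH)."""
    out = subprocess.run(tshark_cmd(pcap), capture_output=True, text=True, check=True)
    return match_rows(out.stdout.splitlines(), indicators)

# Constructed sample rows in the layout tshark_cmd() produces (not real traffic).
SAMPLE_ROWS = [
    "10.0.0.5\t192.0.2.10\t\t\t\t",
    "10.0.0.5\t10.0.0.1\tupdates.example.net\t\t\t",
    "10.0.0.5\t198.51.100.7\t\tbad.example.com\thttp://bad.example.com/a.bin\t",
    "10.0.0.5\t203.0.113.9\t\t\t\tCDN.Example.org",
]
SAMPLE_INDICATORS = ["192.0.2.10", "bad.example.com", "cdn.example.org", "unused.example"]

if __name__ == "__main__":
    for field, value in match_rows(SAMPLE_ROWS, SAMPLE_INDICATORS):
        print(f"{field}\t{value}")
```

Matching is exact per value, so a host indicator does not match a URL that merely contains it; add the full URL to the indicator list if that is what you want to find.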
