Find username and password in pcap file
Need a getline
. Example
$ tshark -r assign1.pcap -R 'smtp' -2 2>&1 | awk '$9=="334"{print $10;getline;print $9}' | base64 -d && echo
Username:abcPassword:def
$
Reference
Related videos on Youtube
DisplayName9
Updated on September 18, 2022Comments
-
DisplayName9 over 1 year
I am completing an assignment where I am given a pcap file to extract data from. The question is, Find username and password in pcap file. This is what I have so far.
$ tshark -r assign1.pcap -R 'smtp' -2 | awk '{if($9=="334") print $10}' | base64 -d
tshark
makes the pcap file readable and will only select lines that have the word SMTP in the line.I then pipe that info into awk, awk will then select the lines I need and then pipe that info to base64 to decode the fields.
The output I am getting is
But I do not know how to select the actual username and password and decode them. Here is what the file normally looks like, the fields underlined are the username and passwords I need to find and decode. I need to figure out how to find and decode the fields underlined in line 6 and line 8.
NOTE: The pcap file: https://ufile.io/jsfjr