Find username and password in pcap file
Need a getline. Example
$ tshark -r assign1.pcap -R 'smtp' -2 2>&1 | awk '$9=="334"{print $10;getline;print $9}' | base64 -d && echo
Username:abcPassword:def
$
Reference
Related videos on Youtube
03 : 07
01 : 57
11 : 55
08 : 24
05 : 01
DisplayName9
Updated on September 18, 2022Comments
-
DisplayName9 over 1 year
I am completing an assignment where I am given a pcap file to extract data from. The question is, Find username and password in pcap file. This is what I have so far.
$ tshark -r assign1.pcap -R 'smtp' -2 | awk '{if($9=="334") print $10}' | base64 -dtsharkmakes the pcap file readable and will only select lines that have the word SMTP in the line.I then pipe that info into awk, awk will then select the lines I need and then pipe that info to base64 to decode the fields.
The output I am getting is
But I do not know how to select the actual username and password and decode them. Here is what the file normally looks like, the fields underlined are the username and passwords I need to find and decode. I need to figure out how to find and decode the fields underlined in line 6 and line 8.
NOTE: The pcap file: https://ufile.io/jsfjr