this helps analysts to extract files from DICOM, HTTP, IMF, SMB and TFTP.
this helps analysts detect and collect cleartext credentials from FTP, HTTP, IMAP, POP and SMTP
Last updated
root@dco:~$ tshark -r demo.pcapng --export-objects http,/home/ubuntu/Desktop/extracted-by-tshark -q
# view the target folder content.
root@dco:~$ ls -l /home/ubuntu/Desktop/extracted-by-tshark/
total 24
-rw-r--r-- 1 ubuntu ubuntu 'ads%3fclient=ca-pub-2309191948673629&random=1084443430285&lmt=1082467020&format=468x60_as&o
-rw-r--r-- 1 ubuntu ubuntu download.htmlroot@dco:~$ tshark -r credentials.pcap -z credentials -q
===================================================================
Packet Protocol Username Info
------ -------- -------- --------
72 FTP admin Username in packet: 37
80 FTP admin Username in packet: 47
83 FTP admin Username in packet: 54
118 FTP admin Username in packet: 93
123 FTP admin Username in packet: 97
167 FTP administrator Username in packet: 133
207 FTP administrator Username in packet: 170
220 FTP administrator Username in packet: 184
230 FTP administrator Username in packet: 193
....
===================================================================root@dco:~$ tshark -V -r smallFlows.pcap -Y "udp.port==67 or udp.port==68" -T fields -e dhcp.option.hostname | nl | awk NF
1 student01-PC
2 vinlap01