Network Forensic Tool Python Script to Analyze SYN packets uses PCAP and TSHARK

This script is used in forensic analysis to analyze SYN packets. It requires a pcap file and tshark.

analyse_syn_packets.py

import numpy,sys
from subprocess import Popen, PIPE

"""
Script to calculate how often an IP or TCP field changes in a pcap file for a specified destination
IP address and port.

Usage: python analyse_syn_packets.py <pcap file> <dst ip address> <port> <tshark …

Forensics HTTP Analysis script that uses PCAP and TSHARK to analyse any anomalous HTTP traffic

HTTP Analysis script that uses PCAP and TSHARK to analyse any anomalous HTTP traffic

#! /usr/bin/perl -w
# Network Forensics Puzzle Contest #3
# Alan Tu <alantu@as2.info>
# January 2, 2010

# http_analysis.pl v1.01
# Uses tshark to output the IP addresses, TCP ports, and key HTTP request and response headers from a PCAP file.
# Usage: http_analysis.pl [-d tcp.port] …