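# Commands as used by the script, written out for educational purposes.
# NOTE: the *_SSLKEYLOGFILE.txt file holds the TLS session secrets for this capture; anyone who
# has it together with the .pcap can decrypt the recorded sessions, so store and share both with care.
# The .POST and *-frame-http-request-full_uri.txt outputs contain decrypted HTTP data, and the
# listings below show them created as -rw-r--r-- (world-readable); on a shared machine, run the
# script under a restrictive umask (e.g. umask 077) or chmod 600 the results.
# Wireshark/tshark 3.0 and later name this preference tls.keylog_file; ssl.keylog_file is the
# older spelling in use when this capture was made (2018).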
tshark -o "ssl.keylog_file: dump_180504_1639_gdO_SSLKEYLOGFILE.txt" -r dump_180504_1639_gdO.pcap -qz hosts > dump_180504_1639_gdO.hosts
tshark -o "ssl.keylog_file: dump_180504_1639_gdO_SSLKEYLOGFILE.txt" -o "nameres.network_name: FALSE" -r dump_180504_1639_gdO.pcap -qz conv,ip > dump_180504_1639_gdO.conv-ip
-rw-r--r-- 1 mr mr 2983 2018-05-04 18:54 dump_180504_1639_gdO.hosts
(but the
dump_180504_1639_gdO.hosts

-rw-r--r-- 1 mr mr 1645 2018-05-04 18:54 dump_180504_1639_gdO.conv-ip
(but the
dump_180504_1639_gdO.conv-ip
needs to be reordered yet)

-rw-r--r-- 1 mr mr 2983 2018-05-04 18:54 dump_180504_1639_gdO.hosts
-rw-r--r-- 1 mr mr 1645 2018-05-04 18:55 dump_180504_1639_gdO.conv-ip
tshark -o "ssl.keylog_file: dump_180504_1639_gdO_SSLKEYLOGFILE.txt" -r dump_180504_1639_gdO.pcap -V -Y 'http.request.method==POST' > dump_180504_1639_gdO.POST
tshark-http-uri.sh -k dump_180504_1639_gdO_SSLKEYLOGFILE.txt -r dump_180504_1639_gdO.pcap
tshark -o "ssl.keylog_file: dump_180504_1639_gdO_SSLKEYLOGFILE.txt" -q -r dump_180504_1639_gdO.pcap -T fields -e 'frame.number' -e 'http.request.full_uri' | grep -E '^[0-9]{1,9}[[:space:]][[:alpha:]]' > dump_180504_1639_gdO-frame-http-request-full_uri.txt
-rw-r--r-- 1 mr mr 10721 2018-05-04 18:55 dump_180504_1639_gdO.POST

-rw-r--r-- 1 mr mr 372 2018-05-04 18:55 dump_180504_1639_gdO-frame-http-request-full_uri.txt
-rw-r--r-- 1 mr mr 372 2018-05-04 18:55 dump_180504_1639_gdO-frame-http-request-full_uri.txt

-rw-r--r-- 1 mr mr 97 2018-05-04 18:55 dump_180504_1639_gdO.hosts-worked-ls-1



=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
NOTICE-could-not-be-resolved-NOTICE
                                               |       <-      | |       ->      | |     Total     |    Relative    |   Duration   |
                                               | Frames  Bytes | | Frames  Bytes | | Frames  Bytes |      Start     |              |
192.168.1.1          <-> 224.0.0.1                  0         0       1        62       1        62    24.425758000         0.0000
---

NOTICE-could-not-be-resolved-NOTICE
                                               |       <-      | |       ->      | |     Total     |    Relative    |   Duration   |
                                               | Frames  Bytes | | Frames  Bytes | | Frames  Bytes |      Start     |              |
94.177.171.127       <-> 192.168.1.2               16      1330      16      5643      32      6973    26.020759000         5.8948
---

69.195.158.196	secure.informaction.com
                                               |       <-      | |       ->      | |     Total     |    Relative    |   Duration   |
                                               | Frames  Bytes | | Frames  Bytes | | Frames  Bytes |      Start     |              |
69.195.158.196       <-> 192.168.1.2               11      1241       9      4104      20      5345    26.069350000         0.9786
---

151.21.208.64	a771.dscq.akamai.net
                                               |       <-      | |       ->      | |     Total     |    Relative    |   Duration   |
                                               | Frames  Bytes | | Frames  Bytes | | Frames  Bytes |      Start     |              |
151.21.208.64        <-> 192.168.1.2               10      1158       9      1533      19      2691    26.693979000        61.2706
---

NOTICE-could-not-be-resolved-NOTICE
                                               |       <-      | |       ->      | |     Total     |    Relative    |   Duration   |
                                               | Frames  Bytes | | Frames  Bytes | | Frames  Bytes |      Start     |              |
93.136.116.73        <-> 192.168.1.2                8       719       8      5555      16      6274    26.923014000         0.0308
---

104.31.78.223	istinaoistanbulskoj.info
                                               |       <-      | |       ->      | |     Total     |    Relative    |   Duration   |
                                               | Frames  Bytes | | Frames  Bytes | | Frames  Bytes |      Start     |              |
104.31.78.223        <-> 192.168.1.2               34      5769      36     27718      70     33487    31.085026000        55.8482
---

104.19.198.151	cdnjs.cloudflare.com
                                               |       <-      | |       ->      | |     Total     |    Relative    |   Duration   |
                                               | Frames  Bytes | | Frames  Bytes | | Frames  Bytes |      Start     |              |
104.19.198.151       <-> 192.168.1.2               15      1522      14      6503      29      8025    31.656399000        51.1751
---

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=


tshark -o "ssl.keylog_file: dump_180504_1639_gdO_SSLKEYLOGFILE.txt" -r dump_180504_1639_gdO.pcap -Y "(ip.addr==224.0.0.1)" -w dump_180504_1639_gdO_224.0.0.1.pcap
-rw-r--r-- 1 mr mr 212 2018-05-04 18:55 dump_180504_1639_gdO_224.0.0.1.pcap

tshark-http-uri.sh -k dump_180504_1639_gdO_SSLKEYLOGFILE.txt -r dump_180504_1639_gdO_224.0.0.1.pcap
-rw-r--r-- 1 mr mr 0 2018-05-04 18:55 dump_180504_1639_gdO_224.0.0.1-frame-http-request-full_uri.txt

tshark -o "ssl.keylog_file: dump_180504_1639_gdO_SSLKEYLOGFILE.txt" -r dump_180504_1639_gdO.pcap -Y "(ip.addr==94.177.171.127)" -w dump_180504_1639_gdO_94.177.171.127.pcap
-rw-r--r-- 1 mr mr 8176 2018-05-04 18:55 dump_180504_1639_gdO_94.177.171.127.pcap

tshark-http-uri.sh -k dump_180504_1639_gdO_SSLKEYLOGFILE.txt -r dump_180504_1639_gdO_94.177.171.127.pcap
-rw-r--r-- 1 mr mr 0 2018-05-04 18:55 dump_180504_1639_gdO_94.177.171.127-frame-http-request-full_uri.txt

tshark -o "ssl.keylog_file: dump_180504_1639_gdO_SSLKEYLOGFILE.txt" -r dump_180504_1639_gdO.pcap -Y "(ip.addr==69.195.158.196)" -w dump_180504_1639_gdO_69.195.158.196.pcap
-rw-r--r-- 1 mr mr 6112 2018-05-04 18:55 dump_180504_1639_gdO_69.195.158.196.pcap

tshark-http-uri.sh -k dump_180504_1639_gdO_SSLKEYLOGFILE.txt -r dump_180504_1639_gdO_69.195.158.196.pcap
-rw-r--r-- 1 mr mr 43 2018-05-04 18:55 dump_180504_1639_gdO_69.195.158.196-frame-http-request-full_uri.txt

tshark -o "ssl.keylog_file: dump_180504_1639_gdO_SSLKEYLOGFILE.txt" -r dump_180504_1639_gdO.pcap -Y "(ip.addr==151.21.208.64)" -w dump_180504_1639_gdO_151.21.208.64.pcap
-rw-r--r-- 1 mr mr 3420 2018-05-04 18:55 dump_180504_1639_gdO_151.21.208.64.pcap

tshark-http-uri.sh -k dump_180504_1639_gdO_SSLKEYLOGFILE.txt -r dump_180504_1639_gdO_151.21.208.64.pcap
-rw-r--r-- 1 mr mr 38 2018-05-04 18:55 dump_180504_1639_gdO_151.21.208.64-frame-http-request-full_uri.txt

tshark -o "ssl.keylog_file: dump_180504_1639_gdO_SSLKEYLOGFILE.txt" -r dump_180504_1639_gdO.pcap -Y "(ip.addr==93.136.116.73)" -w dump_180504_1639_gdO_93.136.116.73.pcap
-rw-r--r-- 1 mr mr 6908 2018-05-04 18:55 dump_180504_1639_gdO_93.136.116.73.pcap

tshark-http-uri.sh -k dump_180504_1639_gdO_SSLKEYLOGFILE.txt -r dump_180504_1639_gdO_93.136.116.73.pcap
-rw-r--r-- 1 mr mr 24 2018-05-04 18:55 dump_180504_1639_gdO_93.136.116.73-frame-http-request-full_uri.txt

tshark -o "ssl.keylog_file: dump_180504_1639_gdO_SSLKEYLOGFILE.txt" -r dump_180504_1639_gdO.pcap -Y "(ip.addr==104.31.78.223)" -w dump_180504_1639_gdO_104.31.78.223.pcap
-rw-r--r-- 1 mr mr 35880 2018-05-04 18:55 dump_180504_1639_gdO_104.31.78.223.pcap

tshark-http-uri.sh -k dump_180504_1639_gdO_SSLKEYLOGFILE.txt -r dump_180504_1639_gdO_104.31.78.223.pcap
-rw-r--r-- 1 mr mr 175 2018-05-04 18:55 dump_180504_1639_gdO_104.31.78.223-frame-http-request-full_uri.txt

tshark -o "ssl.keylog_file: dump_180504_1639_gdO_SSLKEYLOGFILE.txt" -r dump_180504_1639_gdO.pcap -Y "(ip.addr==104.19.198.151)" -w dump_180504_1639_gdO_104.19.198.151.pcap
-rw-r--r-- 1 mr mr 9096 2018-05-04 18:55 dump_180504_1639_gdO_104.19.198.151.pcap

tshark-http-uri.sh -k dump_180504_1639_gdO_SSLKEYLOGFILE.txt -r dump_180504_1639_gdO_104.19.198.151.pcap
-rw-r--r-- 1 mr mr 85 2018-05-04 18:55 dump_180504_1639_gdO_104.19.198.151-frame-http-request-full_uri.txt

-rw-r--r-- 1 mr mr 0 2018-05-04 18:55 dump_180504_1639_gdO_224.0.0.1-frame-http-request-full_uri.txt
-rw-r--r-- 1 mr mr 0 2018-05-04 18:55 dump_180504_1639_gdO_94.177.171.127-frame-http-request-full_uri.txt
Removing the empty files listed...
removed 'dump_180504_1639_gdO_224.0.0.1-frame-http-request-full_uri.txt'
removed 'dump_180504_1639_gdO_94.177.171.127-frame-http-request-full_uri.txt'
