# Commands as used by the script, written out for educational purposes.
#
# Every tshark call passes the TLS key log file through the ssl.keylog_file
# preference so that TLS traffic in the capture can be dissected as plaintext.
# (Wireshark 3.0 and later name this preference tls.keylog_file.)
# NOTE(review): the key log file holds the session secrets for this capture;
# anyone who has it together with the .pcap can decrypt the traffic, so keep
# both files out of shared or world-readable locations.
#
# -q suppresses per-packet output; -z hosts prints the address/name pairs
# tshark collected from the capture, in hosts-file format.
tshark -o "ssl.keylog_file: dump_180809_1931_gdO_2150-6960_SSLKEYLOGFILE.txt" -r dump_180809_1931_gdO_2150-6960.pcap -qz hosts > dump_180809_1931_gdO_2150-6960.hosts
# -z conv,ip prints per-IP-pair conversation statistics (frames, bytes, start,
# duration). nameres.network_name is switched off so the table lists raw IP
# addresses instead of resolved names.
tshark -o "ssl.keylog_file: dump_180809_1931_gdO_2150-6960_SSLKEYLOGFILE.txt" -o "nameres.network_name: FALSE" -r dump_180809_1931_gdO_2150-6960.pcap -qz conv,ip > dump_180809_1931_gdO_2150-6960.conv-ip
-rw-r--r-- 1 mr mr 1383 2018-08-13 18:02 dump_180809_1931_gdO_2150-6960.conv-ip
-rw-r--r-- 1 mr mr 238 2018-08-13 18:02 dump_180809_1931_gdO_2150-6960.hosts
(but dump_180809_1931_gdO_2150-6960.conv-ip still needs to be reordered)
dump_180809_1931_gdO_2150-6960.hosts


-rw-r--r-- 1 mr mr 238 2018-08-13 18:02 dump_180809_1931_gdO_2150-6960.hosts
-rw-r--r-- 1 mr mr 1383 2018-08-13 18:02 dump_180809_1931_gdO_2150-6960.conv-ip
# Dump every HTTP POST request in full detail (-V) after TLS decryption.
# NOTE(review): the .POST file therefore contains decrypted request headers and
# bodies, which can include credentials, cookies and tokens. The listing below
# shows it created as -rw-r--r--; set a restrictive umask (e.g. umask 077)
# before running this if other accounts exist on the machine.
tshark -o "ssl.keylog_file: dump_180809_1931_gdO_2150-6960_SSLKEYLOGFILE.txt" -r dump_180809_1931_gdO_2150-6960.pcap -V -Y 'http.request.method==POST' > dump_180809_1931_gdO_2150-6960.POST
# Helper script (not shown here); -k appears to take the key log file and -r
# the capture. Presumably it wraps the tshark | grep pipeline on the next line.
tshark-http-uri.sh -k dump_180809_1931_gdO_2150-6960_SSLKEYLOGFILE.txt -r dump_180809_1931_gdO_2150-6960.pcap
# Print the frame number and full request URI of each packet as two fields.
# The grep keeps only lines made of a 1-9 digit frame number, one whitespace
# character and then a letter, i.e. it drops frames with an empty URI field.
# Full URIs can carry session identifiers or tokens in the query string, so
# treat the resulting .txt file as sensitive too.
tshark -o "ssl.keylog_file: dump_180809_1931_gdO_2150-6960_SSLKEYLOGFILE.txt" -q -r dump_180809_1931_gdO_2150-6960.pcap -T fields -e 'frame.number' -e 'http.request.full_uri' | grep -E '^[0-9]{1,9}[[:space:]][[:alpha:]]' > dump_180809_1931_gdO_2150-6960-frame-http-request-full_uri.txt
-rw-r--r-- 1 mr mr 11488 2018-08-13 18:02 dump_180809_1931_gdO_2150-6960-frame-http-request-full_uri.txt
-rw-r--r-- 1 mr mr 11488 2018-08-13 18:02 dump_180809_1931_gdO_2150-6960-frame-http-request-full_uri.txt

-rw-r--r-- 1 mr mr 19741 2018-08-13 18:02 dump_180809_1931_gdO_2150-6960.POST

-rw-r--r-- 1 mr mr 101 2018-08-13 18:02 dump_180809_1931_gdO_2150-6960.hosts-worked-ls-1



=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
151.101.16.133	github.map.fastly.net
                                               |       <-      | |       ->      | |     Total     |    Relative    |   Duration   |
                                               | Frames  Bytes | | Frames  Bytes | | Frames  Bytes |      Start     |              |
151.101.16.133       <-> 192.168.1.2              640    125177     738    131707    1378    256884     0.000000000       335.3343
---

192.30.253.112	github.com
                                               |       <-      | |       ->      | |     Total     |    Relative    |   Duration   |
                                               | Frames  Bytes | | Frames  Bytes | | Frames  Bytes |      Start     |              |
192.30.253.112       <-> 192.168.1.2              700     97165     981   1274971    1681   1372136     3.384088000       220.9344
---

192.30.253.125	live.github.com
                                               |       <-      | |       ->      | |     Total     |    Relative    |   Duration   |
                                               | Frames  Bytes | | Frames  Bytes | | Frames  Bytes |      Start     |              |
192.30.253.125       <-> 192.168.1.2              199     20758     214     34905     413     55663     4.481287000       330.4568
---

192.30.253.124	live.github.com
                                               |       <-      | |       ->      | |     Total     |    Relative    |   Duration   |
                                               | Frames  Bytes | | Frames  Bytes | | Frames  Bytes |      Start     |              |
192.30.253.124       <-> 192.168.1.2              189     24336     187     29115     376     53451     4.499537000       330.4405
---

NOTICE-could-not-be-resolved-NOTICE
                                               |       <-      | |       ->      | |     Total     |    Relative    |   Duration   |
                                               | Frames  Bytes | | Frames  Bytes | | Frames  Bytes |      Start     |              |
185.121.177.177      <-> 192.168.1.2               37      3111      37      5126      74      8237     6.295110000       320.2678
---

NOTICE-could-not-be-resolved-NOTICE
                                               |       <-      | |       ->      | |     Total     |    Relative    |   Duration   |
                                               | Frames  Bytes | | Frames  Bytes | | Frames  Bytes |      Start     |              |
192.168.1.1          <-> 224.0.0.1                  0         0       2       124       2       124   112.581231000       125.0039
---

192.30.253.113	github.com
                                               |       <-      | |       ->      | |     Total     |    Relative    |   Duration   |
                                               | Frames  Bytes | | Frames  Bytes | | Frames  Bytes |      Start     |              |
192.30.253.113       <-> 192.168.1.2              280     39709     568    791260     848    830969   268.778966000        66.8086
---

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=


# Split the capture per peer address: -Y keeps only the packets whose source or
# destination is the given IP, and -w writes them to a new capture file.
# The same command is repeated below for each address in the conversation table.
# -w stores the raw packets, so the per-address pcap is still TLS-encrypted on
# disk and needs the same key log file to be read as plaintext.
tshark -o "ssl.keylog_file: dump_180809_1931_gdO_2150-6960_SSLKEYLOGFILE.txt" -r dump_180809_1931_gdO_2150-6960.pcap -Y "(ip.addr==151.101.16.133)" -w dump_180809_1931_gdO_2150-6960_151.101.16.133.pcap
-rw-r--r-- 1 mr mr 301704 2018-08-13 18:02 dump_180809_1931_gdO_2150-6960_151.101.16.133.pcap

# Run the helper script (not shown here) on the per-address capture; -k appears
# to take the key log file and -r the capture. Judging by the listing that
# follows, it writes <capture>-frame-http-request-full_uri.txt with the request
# URIs found for this peer; an empty file means no HTTP request URI was found.
tshark-http-uri.sh -k dump_180809_1931_gdO_2150-6960_SSLKEYLOGFILE.txt -r dump_180809_1931_gdO_2150-6960_151.101.16.133.pcap
-rw-r--r-- 1 mr mr 7089 2018-08-13 18:02 dump_180809_1931_gdO_2150-6960_151.101.16.133-frame-http-request-full_uri.txt

tshark -o "ssl.keylog_file: dump_180809_1931_gdO_2150-6960_SSLKEYLOGFILE.txt" -r dump_180809_1931_gdO_2150-6960.pcap -Y "(ip.addr==192.30.253.112)" -w dump_180809_1931_gdO_2150-6960_192.30.253.112.pcap
-rw-r--r-- 1 mr mr 1426316 2018-08-13 18:02 dump_180809_1931_gdO_2150-6960_192.30.253.112.pcap

tshark-http-uri.sh -k dump_180809_1931_gdO_2150-6960_SSLKEYLOGFILE.txt -r dump_180809_1931_gdO_2150-6960_192.30.253.112.pcap
-rw-r--r-- 1 mr mr 2243 2018-08-13 18:02 dump_180809_1931_gdO_2150-6960_192.30.253.112-frame-http-request-full_uri.txt

tshark -o "ssl.keylog_file: dump_180809_1931_gdO_2150-6960_SSLKEYLOGFILE.txt" -r dump_180809_1931_gdO_2150-6960.pcap -Y "(ip.addr==192.30.253.125)" -w dump_180809_1931_gdO_2150-6960_192.30.253.125.pcap
-rw-r--r-- 1 mr mr 69176 2018-08-13 18:02 dump_180809_1931_gdO_2150-6960_192.30.253.125.pcap

tshark-http-uri.sh -k dump_180809_1931_gdO_2150-6960_SSLKEYLOGFILE.txt -r dump_180809_1931_gdO_2150-6960_192.30.253.125.pcap
-rw-r--r-- 1 mr mr 367 2018-08-13 18:02 dump_180809_1931_gdO_2150-6960_192.30.253.125-frame-http-request-full_uri.txt

tshark -o "ssl.keylog_file: dump_180809_1931_gdO_2150-6960_SSLKEYLOGFILE.txt" -r dump_180809_1931_gdO_2150-6960.pcap -Y "(ip.addr==192.30.253.124)" -w dump_180809_1931_gdO_2150-6960_192.30.253.124.pcap
-rw-r--r-- 1 mr mr 65820 2018-08-13 18:02 dump_180809_1931_gdO_2150-6960_192.30.253.124.pcap

tshark-http-uri.sh -k dump_180809_1931_gdO_2150-6960_SSLKEYLOGFILE.txt -r dump_180809_1931_gdO_2150-6960_192.30.253.124.pcap
-rw-r--r-- 1 mr mr 734 2018-08-13 18:02 dump_180809_1931_gdO_2150-6960_192.30.253.124-frame-http-request-full_uri.txt

tshark -o "ssl.keylog_file: dump_180809_1931_gdO_2150-6960_SSLKEYLOGFILE.txt" -r dump_180809_1931_gdO_2150-6960.pcap -Y "(ip.addr==185.121.177.177)" -w dump_180809_1931_gdO_2150-6960_185.121.177.177.pcap
-rw-r--r-- 1 mr mr 10820 2018-08-13 18:02 dump_180809_1931_gdO_2150-6960_185.121.177.177.pcap

tshark-http-uri.sh -k dump_180809_1931_gdO_2150-6960_SSLKEYLOGFILE.txt -r dump_180809_1931_gdO_2150-6960_185.121.177.177.pcap
-rw-r--r-- 1 mr mr 0 2018-08-13 18:02 dump_180809_1931_gdO_2150-6960_185.121.177.177-frame-http-request-full_uri.txt

tshark -o "ssl.keylog_file: dump_180809_1931_gdO_2150-6960_SSLKEYLOGFILE.txt" -r dump_180809_1931_gdO_2150-6960.pcap -Y "(ip.addr==224.0.0.1)" -w dump_180809_1931_gdO_2150-6960_224.0.0.1.pcap
-rw-r--r-- 1 mr mr 308 2018-08-13 18:02 dump_180809_1931_gdO_2150-6960_224.0.0.1.pcap

tshark-http-uri.sh -k dump_180809_1931_gdO_2150-6960_SSLKEYLOGFILE.txt -r dump_180809_1931_gdO_2150-6960_224.0.0.1.pcap
-rw-r--r-- 1 mr mr 0 2018-08-13 18:02 dump_180809_1931_gdO_2150-6960_224.0.0.1-frame-http-request-full_uri.txt

tshark -o "ssl.keylog_file: dump_180809_1931_gdO_2150-6960_SSLKEYLOGFILE.txt" -r dump_180809_1931_gdO_2150-6960.pcap -Y "(ip.addr==192.30.253.113)" -w dump_180809_1931_gdO_2150-6960_192.30.253.113.pcap
-rw-r--r-- 1 mr mr 858348 2018-08-13 18:02 dump_180809_1931_gdO_2150-6960_192.30.253.113.pcap

tshark-http-uri.sh -k dump_180809_1931_gdO_2150-6960_SSLKEYLOGFILE.txt -r dump_180809_1931_gdO_2150-6960_192.30.253.113.pcap
-rw-r--r-- 1 mr mr 958 2018-08-13 18:02 dump_180809_1931_gdO_2150-6960_192.30.253.113-frame-http-request-full_uri.txt

-rw-r--r-- 1 mr mr 0 2018-08-13 18:02 dump_180809_1931_gdO_2150-6960_185.121.177.177-frame-http-request-full_uri.txt
-rw-r--r-- 1 mr mr 0 2018-08-13 18:02 dump_180809_1931_gdO_2150-6960_224.0.0.1-frame-http-request-full_uri.txt
Removing the empty files listed...
removed 'dump_180809_1931_gdO_2150-6960_185.121.177.177-frame-http-request-full_uri.txt'
removed 'dump_180809_1931_gdO_2150-6960_224.0.0.1-frame-http-request-full_uri.txt'
