How to Extract Clear Text Out Of A Pcap File


Problem description

I have uploaded a Pcap to MMA for review. I was able to narrow down the traffic I wanted with the filter tcp.port==23, which gives me all the telnet traffic. Going through the packets, I see the clear text that I need in the message data box; however, how would you extract clear text from all the telnet packets into one nice viewable data source?

Solution

I think you might be referring to the TelnetData field? I think this isn't always clear text, but in my example a lot of it is clear text, for my output below. To get this output, I add TelnetData from the details window as a column, by right clicking. When it's selected, the (tools->field data) window shows you the results. We remember the selection, so as you move through each one, it will update in the field data window.

You can create an output in a text file by either selecting a bunch of lines and copy-pasting them into Excel, then selecting the specific column you want. Another option is to remove all other columns, so the copy in the clipboard contains just one column. You can also use the Export option from the toolbar to save the data as text.

Here's my example.

TelnetData
Last login: Thu Dec  2 21:32:59 on ttyp1 from bam.zing.org
Warning: no Kerberos tickets issued.
OpenBSD 2.6-beta (OOF) #4: Tue Oct 12 20:42:32 CDT 1999


 
l
l
s
s
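
The same extraction done outside the GUI, as an added Python example that is not part of the original answer or of Message Analyzer: it reads a capture, keeps TCP payload on port 23, removes Telnet option negotiation (the part of TelnetData that is not clear text), and splits the result by direction so typed keystrokes and their server echoes do not interleave. It assumes a classic pcap file with Ethernet link type, IPv4, and packets in capture order; the names `strip_iac`, `telnet_text`, `sample_record` and the `SAMPLE` capture are constructed for illustration.

```python
import re
import struct

# IAC SB ... IAC SE | IAC WILL/WONT/DO/DONT <option> | IAC <command> (IAC IAC is a literal 0xFF)
IAC_RE = re.compile(rb"\xff(?:\xfa.*?(?:\xff\xf0|\Z)|[\xfb-\xfe].|.|\Z)", re.S)

def strip_iac(data: bytes) -> bytes:
    """Remove Telnet option negotiation, keeping the bytes a user would see."""
    return IAC_RE.sub(lambda m: b"\xff" if m.group() == b"\xff\xff" else b"", data)

def telnet_text(pcap: bytes, port: int = 23) -> dict:
    """Split the TCP payload on `port` into client-sent and server-sent text."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    raw, seen, off = {"client": b"", "server": b""}, set(), 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                              # not IPv4 carrying TCP
        ihl = (frame[14] & 0x0F) * 4
        tcp = frame[14 + ihl:14 + struct.unpack("!H", frame[16:18])[0]]
        if len(tcp) < 20:
            continue                              # truncated TCP header
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        payload = tcp[(tcp[12] >> 4) * 4:]
        key = (frame[26:30], sport, seq)          # source IP, source port, sequence number
        if port not in (sport, dport) or not payload or key in seen:
            continue                              # other port, bare ACK, or retransmission
        seen.add(key)
        raw["server" if sport == port else "client"] += payload
    # Strip negotiation after joining, so an IAC sequence split across segments is still caught.
    return {side: strip_iac(data) for side, data in raw.items()}

def sample_record(sport, dport, seq, payload):
    """Constructed test data: one pcap record holding Ethernet/IPv4/TCP plus payload."""
    src, dst = (1, 2) if sport == 23 else (2, 1)
    ip = struct.pack("!BBHHHBBH8B", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0, 10, 0, 0, src, 10, 0, 0, dst)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 0x50, 0x18, 1024, 0, 0)
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

# Constructed capture: server banner with negotiation, typed "ls" echoed back, one retransmit.
PCAP_HEADER = b"\xd4\xc3\xb2\xa1" + struct.pack("<HHiIII", 2, 4, 0, 0, 65535, 1)
SAMPLE = PCAP_HEADER + b"".join([
    sample_record(23, 40000, 1, b"\xff\xfd\x18\xff\xfd\x20login: "),
    sample_record(40000, 23, 1, b"l"), sample_record(23, 40000, 14, b"l"),
    sample_record(40000, 23, 2, b"s"), sample_record(40000, 23, 2, b"s"),
    sample_record(23, 40000, 15, b"s")])
```

For a real capture, pass the file contents, for example `telnet_text(open(path, "rb").read())`; a pcapng file has to be converted to classic pcap first.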

