Redshark is an incident response bash script that extracts the TCP streams on a specified port.
g3nj1z/redshark

Redshark

Redshark automates the extraction of multiple TCP streams from a PCAP file. It creates a directory named tcp_streams_<port> containing one ASCII file per TCP stream found on the specified port, using tshark, the command-line version of Wireshark.

Features

  • Extracts multiple TCP streams from a PCAP file for a specified TCP port in one go.
  • Saves each TCP stream as a readable ASCII file in a dedicated directory.
  • Simple and efficient script leveraging tshark capabilities.

Usage

Prerequisites

  • Ensure tshark (Wireshark command-line tool) is installed.

Running the Script

  1. Clone the repository or download the redshark.sh script.

  2. Make the script executable if necessary:

    chmod +x redshark.sh
    
  3. Run the script with the PCAP file and the TCP port as arguments:

    ./redshark.sh pcap_file.pcap port

Example

    ./redshark.sh capture.pcap 445

This command extracts the TCP streams on port 445 (SMB) from capture.pcap and saves each stream as a separate stream_.txt file in the directory tcp_streams_445.
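The procedure above (filter the capture to one port, enumerate the stream indexes, follow each stream and write it out as ASCII) can be reproduced with two tshark invocations. The script below is an added example written for this page, not the project's redshark.sh. The tshark options it uses (-r, -Y with a display filter, -T fields -e tcp.stream, and -q -z follow,tcp,ascii,<index>) are real tshark options; the output directory follows the README's tcp_streams_<port> naming, while the stream_<index>.txt file name and the helper function names are this example's own assumptions. Note that tcp.port == N matches the port on either side of the connection, so streams where 445 is the client's source port are collected too.

```shell
#!/usr/bin/env bash
# Added example, not the project's redshark.sh: split the TCP streams seen on one
# port into per-stream ASCII files with tshark. The tshark options used here
# (-r, -Y, -T fields -e tcp.stream, -q -z follow,tcp,ascii,<index>) are real;
# the stream_<index>.txt file name is this example's own assumption.
set -eu

# Display filter selecting every packet on the given TCP port (either side).
port_filter() {
  printf 'tcp.port == %s' "$1"
}

# Accept only an integer port in 1..65535 (rejects '', 'abc', 70000), so the
# port argument can safely become part of the output directory name.
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tshark prints one tcp.stream index per matching packet; reduce the list read
# from stdin to unique indexes in numeric order.
unique_streams() {
  sort -n -u
}

# Unique stream indexes that touch the port in the capture.
list_streams() {
  tshark -r "$1" -Y "$(port_filter "$2")" -T fields -e tcp.stream | unique_streams
}

# Follow each stream and write its ASCII rendering to tcp_streams_<port>/.
# Prints the number of streams written; returns 2 on bad input, 127 without tshark.
extract_streams() {
  pcap=$1
  port=$2
  outdir="tcp_streams_${port}"
  valid_port "$port" || { echo "invalid TCP port: $port" >&2; return 2; }
  [ -r "$pcap" ] || { echo "cannot read capture: $pcap" >&2; return 2; }
  command -v tshark >/dev/null 2>&1 || { echo "tshark not installed" >&2; return 127; }
  mkdir -p "$outdir"
  n=0
  for idx in $(list_streams "$pcap" "$port"); do
    tshark -r "$pcap" -q -z "follow,tcp,ascii,${idx}" > "${outdir}/stream_${idx}.txt"
    n=$((n + 1))
  done
  echo "$n"
}

# Usage: ./example.sh capture.pcap 445
if [ $# -eq 2 ]; then
  extract_streams "$1" "$2"
fi
```

The first tshark pass only lists stream indexes, so the capture is read once per stream plus once for the listing; for a large PCAP, pre-filtering with `tshark -r capture.pcap -Y 'tcp.port == 445' -w filtered.pcap` and running the script on filtered.pcap keeps each follow pass small.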
