![status](https://img.shields.io/badge/status-up-brightgreen)
# :white_square_button: Decap

### Scan PCAP Files for Security Issues

Analyzing a PCAP file during a forensic investigation or incident response takes a long time. In such cases, the Decap tool helps you with an initial scan of the PCAP file.
## :ledger: Features

- Get the security reputation of an IP address.
- Get the security reputation of a URL.
- Get MAC addresses and their vendor names.
- Check for the presence of suspicious network ports.
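To show what the MAC, IP and suspicious-port checks above have to do on the raw capture, here is an added example in pure Python (not Decap's own code, which uses scapy): it walks a libpcap file record by record, collects the MAC and IPv4 addresses it sees, and flags TCP flows whose destination port is on a watch list. The port list and the two embedded sample frames are constructed for the example; Decap's actual port list is not shown on this page.

```python
import struct
from typing import Dict, List

# Constructed watch list for this example; Decap's own list is not on the page.
SUSPICIOUS_PORTS = {4444: "Metasploit default listener", 6667: "IRC (classic botnet C2)",
                    31337: "Back Orifice"}

def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def tcp_frame(src_mac: str, dst_mac: str, src_ip: str, dst_ip: str, sport: int, dport: int) -> bytes:
    """Build an Ethernet/IPv4/TCP SYN frame (checksums left zero; fine for parsing tests)."""
    eth = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip + tcp

def build_pcap(frames: List[bytes]) -> bytes:
    """Wrap frames in a little-endian libpcap file: 24-byte global header, LINKTYPE_ETHERNET (1)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out

def scan_pcap(data: bytes) -> Dict[str, object]:
    """Walk every record; collect MACs, IPv4 addresses and TCP flows to flagged destination ports."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a libpcap file (pcapng is not handled here)")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only the Ethernet link type is handled here")
    macs, ips, hits = set(), set(), []
    pos = 24
    while pos + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[pos + 8:pos + 12])[0]  # captured length
        frame = data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # skip non-IPv4 or truncated frames
        macs.update((fmt_mac(frame[0:6]), fmt_mac(frame[6:12])))
        ihl = (frame[14] & 0x0F) * 4  # IPv4 header length in bytes
        src_ip = ".".join(map(str, frame[26:30]))
        dst_ip = ".".join(map(str, frame[30:34]))
        ips.update((src_ip, dst_ip))
        if frame[23] == 6 and len(frame) >= 14 + ihl + 4:  # protocol 6 = TCP
            _, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
            if dport in SUSPICIOUS_PORTS:
                hits.append((src_ip, dst_ip, dport, SUSPICIOUS_PORTS[dport]))
    return {"macs": sorted(macs), "ips": sorted(ips), "suspicious": hits}

if __name__ == "__main__":  # constructed sample: one HTTPS flow, one flow to port 4444
    pcap = build_pcap([tcp_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", "10.0.0.5", "93.184.216.34", 50000, 443),
                       tcp_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", "10.0.0.5", "198.51.100.7", 50001, 4444)])
    print(scan_pcap(pcap))
```

The reputation lookups Decap performs for each address are an online step on top of this; the parsing above is the offline part that runs without an Internet connection.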
## :beginner: Requirements

- The Decap tool requires an Internet connection.
- The Decap tool is built with PowerShell and Python. If you are using it for the first time, install the required Python modules by running the commands below:

```
pip install scapy
pip install OTXv2
```
## :black_square_button: How to Run

- Open the Command Prompt (cmd.exe) and change to the Decap tool's folder. For example, if your Decap folder is 'E:\Downloads\decap-main', run:

```
cd E:\Downloads\decap-main
```

- Now run the Decap tool with the command below:

```
powershell -File decap.ps1 file.pcap
```

Replace file.pcap with the location of your PCAP file. For example, to scan the 'E:\Packets\file.pcap' file, run:

```
powershell -File decap.ps1 E:\Packets\file.pcap
```
## :toolbox: Don't have a PCAP file?

- You can download PCAP files of malware-infected networks from Malware Traffic Analysis. The password of the ZIP file is `infected`.
- You can also download them from Netresec.