Identifying harmful activity on your captured traffic

This Python script utilises Wireshark or TCPdump to analyse network traffic stored in a specified .pcap or .pcapng file. The objective is to detect potential malicious activities and attacks. The script covers a range of suspicious network behaviors, including:

  1. DNS Tunneling
  2. SSH Tunneling
  3. TCP Session Hijacking
  4. SMB Attack
  5. SMTP or DNS Attack
  6. IPv6 Fragmentation Attack
  7. TCP RST Attack
  8. SYN Flood Attack
  9. UDP Flood Attack
  10. Slowloris Attack

Additionally, the script attempts to identify packages containing specific suspicious keywords such as “password,” “login,” “admin,” etc. Detected activities and attacks are displayed in the console.

Usage Instructions:

1. Clone the repository:

git clone

2. Install required dependencies:

pip3 install -r requirements.txt

3. Run the script:


4. Enter the path to the .pcap or .pcapng file when prompted.


Please enter the path to the .pcap or .pcapng file: /root/Desktop/TCP_RST_Attack.pcap

Script Structure:

  • get_user_input(): Retrieves the path of the .pcap file from the user.
  • get_all_ip_addresses(capture): Returns a set containing all source and destination IP addresses.
  • detect_* functions: Used to detect specific attacks and suspicious activities.
  • main(): Executes the primary operations of the script. It prompts the user for the file path and then analyses the file to identify specified attacks and suspicious activities.

Feel free to explore and enhance the capabilities of the script for a more comprehensive network assessment.

Download Link: Network_Assessment


Check Also

Whispers: A Powerful Static Code Analysis Tool for Credential Detection

“My little birds are everywhere, even in the North, they whisper to me the strangest …

Enabling AMD GPU for Hashcat on Kali Linux: A Quick Guide

Enabling AMD GPU for Hashcat on Kali Linux: A Quick Guide

If you’ve encountered an issue where Hashcat initially only recognizes your CPU and not the …

Leave your solution or comment to help others.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from blackMORE Ops

Subscribe now to keep reading and get access to the full archive.

Continue reading

Privacy Policy on Cookies Usage

Some services used in this site uses cookies to tailor user experience or to show ads.