📘 BTFM

dshell

# macOS path to the installed dshell package under pyenv (example):
/Users/[user_name]/.pyenv/versions/3.8.5/envs/python3/lib/python3.8/site-packages/dshell/

decode -l # list decoders
decode -d [decoder_name] # decoder info

# who talked to whom
decode -d ip [capture_file_name].(p)cap

# by what means (transport layer), i.e. IP protocols other than TCP, UDP or ICMP
decode -d protocol [capture_file_name].(p)cap
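To make clear what the two decoders above actually summarise, here is an added example (not dshell's own code) that reads a classic pcap file directly and produces the same two views: packet counts per source/destination pair (the idea behind `decode -d ip`) and flows whose IP protocol number is not TCP, UDP or ICMP (the idea behind `decode -d protocol`). The capture is constructed in memory with the helper functions shown, so it runs offline; Ethernet link type and IPv4 only are assumed.

```python
"""Added example (not dshell's code): minimal pcap reader reproducing the
who-talked-to-whom and non-TCP/UDP/ICMP summaries on a constructed capture."""
import struct
from collections import Counter

PCAP_MAGIC_LE = 0xA1B2C3D4   # magic as read little-endian from a LE-written file
PCAP_MAGIC_BE = 0xD4C3B2A1   # same bytes read from a big-endian-written file
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def build_ipv4_frame(src, dst, proto, payload=b""):
    """Constructed test data: Ethernet II + 20-byte IPv4 header + payload."""
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes(map(int, src.split("."))),
                         bytes(map(int, dst.split("."))))
    return eth + ip_hdr + payload


def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap image (constructed)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out


def iter_packets(data):
    """Yield (ts_sec, frame) from raw pcap bytes; both byte orders handled."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type is handled in this example")
    off = 24
    while off + 16 <= len(data):
        ts_sec, _usec, incl_len, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:
            break  # truncated capture: stop instead of mis-parsing the tail
        off += incl_len
        yield ts_sec, frame


def parse_ipv4(frame):
    """Return (src, dst, proto) for an Ethernet/IPv4 frame, else None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20 or len(frame) < 14 + ihl:
        return None
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    return src, dst, frame[23]


def who_talked_to_whom(data):
    """Like `decode -d ip`: packet count per (src, dst) pair."""
    pairs = Counter()
    for _, frame in iter_packets(data):
        hdr = parse_ipv4(frame)
        if hdr:
            pairs[(hdr[0], hdr[1])] += 1
    return dict(pairs)


def unusual_transport(data):
    """Like `decode -d protocol`: (src, dst, proto) not in TCP/UDP/ICMP."""
    found = Counter()
    for _, frame in iter_packets(data):
        hdr = parse_ipv4(frame)
        if hdr and hdr[2] not in PROTO_NAMES:
            found[hdr] += 1
    return dict(found)


# Constructed sample: two TCP, one UDP, one GRE (proto 47), one ICMP packet
SAMPLE_PCAP = build_pcap([
    build_ipv4_frame("10.0.0.5", "10.0.0.9", 6, b"\x00" * 20),
    build_ipv4_frame("10.0.0.9", "10.0.0.5", 6, b"\x00" * 20),
    build_ipv4_frame("10.0.0.5", "10.0.0.53", 17, b"\x00" * 8),
    build_ipv4_frame("10.0.0.5", "192.0.2.1", 47, b"\x00" * 4),
    build_ipv4_frame("10.0.0.9", "10.0.0.5", 1, b"\x00" * 8),
])

if __name__ == "__main__":
    for (s, d), n in sorted(who_talked_to_whom(SAMPLE_PCAP).items()):
        print(f"{s} -> {d}: {n} packet(s)")
    for (s, d, p), n in unusual_transport(SAMPLE_PCAP).items():
        print(f"non-tcp/udp/icmp: {s} -> {d} proto {p} ({n})")
```

The GRE packet is the one `decode -d protocol` would surface: anything outside TCP, UDP and ICMP on an ordinary host network is worth a second look. The reader stops at a truncated last record rather than raising, which is how you want a triage tool to behave on a capture that was cut mid-write.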

Analysis example 1

Download some (p)cap file from here. I chose an SMB file, smbtorture.cap.gz. This sample's info: "Capture showing a wide range of SMB features. The capture was made using the Samba4 smbtorture suite, against a Windows Vista beta2 server."