Network_Assessment – With Wireshark Or TCPdump, You Can Determine Whether There Is Harmful Activity On Your Network Traffic That You Have Recorded On The Network You Monitor


With Wireshark or TCPdump, you can determine whether there is harmful activity on your network traffic that you have recorded on the network you monitor.

This Python script analyzes network traffic in a given .pcap file and attempts to detect the following suspicious network activities and attacks:

  1. DNS Tunneling
  2. SSH Tunneling
  3. TCP Session Hijacking
  4. SMB Attack
  5. SMTP or DNS Attack
  6. IPv6 Fragmentation Attack
  7. TCP RST Attack
  8. SYN Flood Attack
  9. UDP Flood Attack
  10. Slowloris Attack

The script also tries to detect packages containing suspicious keywords (eg “password”, “login”, “admin”, etc.). Detected suspicious activities and attacks are displayed to the user in the console.

The main functions are:

  • get_user_input(): Gets the path of the .pcap file from the user.
  • get_all_ip_addresses(capture): Returns a set containing all source and destination IP addresses.
  • detect_* functions: Used to detect specific attacks and suspicious activities.
  • main(): Performs the main operations of the script. First, it gets the path of the .pcap file from the user, and then analyzes the file to try to detect the specified attacks and suspicious activity.

How to Install Script?

git clone

pip3 install -r requirements.txt

How to Run the Script?


Please enter the path to the .pcap or .pcapng file: /root/Desktop/TCP_RST_Attack.pcap (Example)


Script Creator

Alperen Ugurlu

Social Media:

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

 To keep up to date follow us on the below channels.