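# Place the pcap you're interested in examining in the current working
# directory and rename it to new.pcap.
# By Mike D
#
# Workflow:
#   1. Download a current domain blacklist to domains.txt.
#   2. Reduce it to one entry per line in BLdomains.txt.
#   3. Extract host names from new.pcap with tshark into localdomains.txt.
#   4. Print every extracted host that matches a blacklist entry.
#
# External tools expected on PATH: awk, sort, uniq, grep, tshark.
import os
import subprocess
import sys
from contextlib import closing

try:  # Python 3
    from urllib.request import urlopen
except ImportError:  # Python 2, which this script was originally written for
    from urllib2 import urlopen

# File the raw blacklist is written to.
blacklist_raw = "domains.txt"
# Capture to examine. The shell pipeline below names it literally as well, so
# that nothing is ever interpolated into a shell command string.
pcap_name = "new.pcap"

# Download a current domain blacklist.
# NOTE(review): the list is fetched over plain HTTP with no integrity check,
# so its contents can be altered in transit. A tampered list could hide real
# hits or add bogus ones; prefer an authenticated source or a pinned checksum
# if the feed provider offers one.
url = "http://malwaredomains.lehigh.edu/files/domains.txt"
with closing(urlopen(url, timeout=60)) as response:
    # Binary mode: read() returns bytes on Python 3 and str on Python 2.
    with open(blacklist_raw, "wb") as out:
        out.write(response.read())

# Clean the file and keep only the first field of each line.
# Blank lines and '#' comment lines are skipped: an empty line in a grep -f
# pattern file matches every input line, and a bare '#' pattern only adds
# noise, either of which would make the final report meaningless.
COMMAND = (
    "awk 'NF && $1 !~ /^#/ {print $1}' domains.txt"
    " | sort | uniq > BLdomains.txt"
)
subprocess.call(COMMAND, shell=True)

# Grab all domains from the pcap.
# The exit status of a shell pipeline is that of its last command, so a
# tshark failure would go unnoticed and look like "no matches". Check for
# the capture up front instead.
if not os.path.isfile(pcap_name):
    sys.exit("Please change your pcap filename to new.pcap")

# NOTE(review): -N n turns on network name resolution in tshark; depending on
# its configuration this may send DNS lookups for addresses in the capture
# from the analysis host -- confirm that is acceptable for the investigation.
# NOTE(review): $3 looks like the source column of tshark's default summary
# output, so destination hosts would not be collected -- confirm intended.
COMMAND = "tshark -N n -r new.pcap | awk '{print $3}' | sort |uniq > localdomains.txt"
subprocess.call(COMMAND, shell=True)

# Print to screen any domains from the pcap that are listed in the blacklist.
# grep -F matches fixed substrings: a listed domain also matches any longer
# host name that contains it. That catches subdomains but can also hit
# unrelated names, so treat the output as leads to verify, not as verdicts.
COMMAND = "grep -F -f BLdomains.txt localdomains.txt"
subprocess.call(COMMAND, shell=True)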