# place the pcap your interested in examining in the pwd
# rename the pcap new.pcap
# By Mike D
#
#
print("Please change your pcap filename to new.pcap")
import urllib2

# file to be written to
file = "domains.txt"

# download a current domain blacklist
url = "http://malwaredomains.lehigh.edu/files/domains.txt"
response = urllib2.urlopen(url)

# You can also use the with statement:
with open(file, 'w') as f: f.write(response.read())

# Clean the file and remove all the extra stuff
import subprocess
COMMAND = "cat  domains.txt | awk '{print $1}' | sort |uniq > BLdomains.txt"  
subprocess.call(COMMAND, shell=True)

# Grab all domains from the pcap
#pcapfile = raw_input("What is the pcap file name?")
COMMAND = "tshark -N n -r new.pcap | awk '{print $3}' | sort |uniq > localdomains.txt"  
subprocess.call(COMMAND, shell=True)

# print to screen any domains from pcap that are listed in domain blacklist.
COMMAND = "grep -F -f BLdomains.txt localdomains.txt"  
subprocess.call(COMMAND, shell=True)