This tool finds IP addresses in a PCAP file by comparing two lists of IP addresses, in order to bypass Windows Firewall {inbound/outbound} rules. One of the lists is exported to a txt file from the Windows Firewall GUI.
First, execute the bash file to extract the IP addresses captured on any computer involved in the network activity of the application we want to examine. These are compared with the other list, named "iplist.txt". The picture shows how to export blocked/allowed IP addresses from the Windows Firewall GUI.
The bash file writes the IP addresses found in the PCAP file to a .txt file named "incomingiplist.txt".
chmod +x tcpdumpextractipfrompcap.sh
./tcpdumpextractipfrompcap.sh capturednetworkpackets.pcap
After you export "iplist.txt" from Windows Firewall and execute the bash file to create "incomingiplist.txt", which contains the IP addresses that you want to find in "iplist.txt", execute "compare_blockedip_address.py" to compare the two lists and find the IP addresses that appear in both.
C:\Users\*-*\Desktop\unblockingmicrosoftipaddress>python compare_blockedip_address.py
Found An IP Address : 13.107.18.11
Found An IP Address : 13.107.21.200
Found An IP Address : 13.107.42.12
Found An IP Address : 13.107.6.254
Found An IP Address : 52.114.132.91
Found An IP Address : 52.158.24.209
Found An IP Address : 40.125.122.151
Found An IP Address : 40.70.229.150
Found An IP Address : 52.155.217.156
Found An IP Address : 52.155.223.194
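The comparison step above, as an added example (not the project's own compare_blockedip_address.py). It goes beyond an exact string match by also matching captured addresses against CIDR subnets and dash-separated ranges, which Windows Firewall rules can contain; the one-entry-per-line file layout and the sample addresses are assumptions constructed for the example.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not from the page).
SAMPLE_RULES = ["192.0.2.10", "198.51.100.0/24", "203.0.113.5-203.0.113.9", "Any", ""]
SAMPLE_CAPTURED = ["192.0.2.10", "198.51.100.77", "203.0.113.7", "203.0.113.10",
                   "192.0.2.11", "198.51.100.77", "not-an-ip"]

def parse_rule_entry(entry):
    """Return the networks covered by one rule entry (address, CIDR or range)."""
    entry = entry.strip()
    if not entry:
        return []
    try:
        if "-" in entry:  # range such as 203.0.113.5-203.0.113.9
            first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
            return list(ipaddress.summarize_address_range(first, last))
        return [ipaddress.ip_network(entry, strict=False)]
    except (ValueError, TypeError):
        return []  # keywords such as "Any" and malformed lines are skipped

def find_matches(captured_lines, rule_lines):
    """Return (captured address, matching rule entry) pairs, in capture order."""
    rules = [(net, line.strip()) for line in rule_lines for net in parse_rule_entry(line)]
    matches, seen = [], set()
    for line in captured_lines:
        try:
            addr = ipaddress.ip_address(line.strip())
        except ValueError:
            continue  # not an IP address
        if addr in seen:
            continue  # report each captured address once
        seen.add(addr)
        for net, entry in rules:
            if addr.version == net.version and addr in net:
                matches.append((str(addr), entry))
                break
    return matches

if __name__ == "__main__":
    # To use the README's files instead, pass open("incomingiplist.txt") and
    # open("iplist.txt") (assumed here to hold one entry per line).
    for addr, entry in find_matches(SAMPLE_CAPTURED, SAMPLE_RULES):
        print(f"Found An IP Address : {addr} (rule entry: {entry})")
```

Reporting the rule entry next to each address shows which firewall rule line a captured connection falls under, which an exact-match comparison would miss for subnet and range rules.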
The reason I made this tool is that most of us don't even know which Inbound/Outbound rules are defined in Windows Defender Firewall (Can they cause damage? Are all these rules the same as the rules we want? etc.).
Basically, what I'm trying to say is that by learning which rules came from us and which rules didn't, we can Accept/Reject them.
With this tool you can track the network activity of an application whose Inbound/Outbound rules are defined in Windows Defender Firewall as Accepted/Rejected.
We can use it as a "network activity tracker": track the network activity of the application we want by disabling the Accept/Reject rule in the Windows Defender Firewall Advanced Security GUI, then compare the IP address/addresses defined as a rule by Windows Firewall with the IP address/addresses captured on our computer (via Wireshark, tcpdump, etc.) and saved as a PCAP/PCAPNG file.
After making the comparison with this tool, we can investigate the IP address/addresses we found in our lab or in applications like Wireshark, tcpdump, etc.
For example, I created this tool while I was trying to install Netflix from the Microsoft Store and the browser didn't allow me to open the Microsoft Store website. Then I found that the application had added rules to Windows Firewall without my permission, and I tracked the network activity via the IP addresses I found in the Windows Defender Firewall rules.
We can also use it in malware analysis, fingerprinting, etc.