passive downloading
Latest commit 8026f2d Mar 26, 2015 @freddyb Create LICENSE
LICENSE Create LICENSE Mar 26, 2015
README.rst log handling, clarified licensing details Jul 26, 2011


passdown analyzes live (or saved) TCP traffic and extracts the transferred files in order to store them on disk. It currently supports HTTP downloads over IPv4 or IPv6, but can easily be extended. Sniffing is done with scapy.


No installation is currently required. Just run it either as root to search for files in your current traffic, or give it a pcap file as the first argument to work with previous transfers.

passdown depends on scapy, which has to be installed and available. Try installing it with your preferred method (apt, pacman, yum, ...). Instead you can just put in the same directory and be fine.


You can hack in your own protocol to get files from by defining a class and giving it the properties name and regex. The name should be human-readable, and the regex should match the traffic returned from the server (i.e. the party that accepts the TCP connection). The constructor of your class should accept two parameters: the data streams sent by the server and the client (in that order). You can then put the class name in the PROTOCOLS array. Note that you will have to adjust the filter applied to the sniff call, unless your protocol runs on TCP port 80 as well ;)
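The class contract described above, applied to a plain USER/PASS POP3 session. This is an added example, not code from passdown: the class name `Pop3Mail`, the `messages` attribute, and the assumption that both streams arrive as complete, in-order bytes objects are hypothetical; the README only fixes `name`, `regex`, the constructor's parameter order and the PROTOCOLS array.

```python
import re

class Pop3Mail:
    """Hypothetical passdown protocol class: pulls mails out of a POP3 session."""
    name = "POP3 mail retrieval"
    # Matched against the server stream; a POP3 server always opens with "+OK".
    regex = re.compile(rb"\A\+OK[^\r\n]*\r\n")
    ALWAYS_MULTILINE = (b"RETR", b"TOP", b"CAPA")
    MULTILINE_WITHOUT_ARGS = (b"LIST", b"UIDL")

    def __init__(self, server_data, client_data):
        # Assumption: both streams arrive as complete, in-order bytes objects.
        self.messages = self.extract(server_data, client_data)

    @classmethod
    def extract(cls, server_data, client_data):
        messages = []
        pos = server_data.find(b"\r\n") + 2          # skip the greeting line
        for line in client_data.split(b"\r\n"):
            parts = line.split()
            if not parts:
                continue
            verb = parts[0].upper()
            end = server_data.find(b"\r\n", pos)
            if end < 0:                               # capture ends mid-session
                break
            status, pos = server_data[pos:end], end + 2
            multiline = verb in cls.ALWAYS_MULTILINE or (
                verb in cls.MULTILINE_WITHOUT_ARGS and len(parts) == 1)
            if not (multiline and status.startswith(b"+OK")):
                continue                              # one-line reply or -ERR
            # Search from the status line's CRLF so an empty body is found too.
            term = server_data.find(b"\r\n.\r\n", pos - 2)
            if term < 0:                              # truncated transfer
                break
            body, pos = server_data[pos:term + 2], term + 5
            if verb == b"RETR":
                # Undo POP3 dot-stuffing: a leading ".." stands for ".".
                messages.append(re.sub(rb"(?m)^\.\.", b".", body))
        return messages

# Constructed sample session (not captured traffic).
SERVER = (b"+OK POP3 ready\r\n+OK\r\n+OK\r\n+OK 1 messages\r\n1 120\r\n.\r\n"
          b"+OK 120 octets\r\nSubject: test\r\n\r\nline one\r\n..hidden dot\r\n.\r\n"
          b"+OK bye\r\n")
CLIENT = b"USER alice\r\nPASS constructed\r\nLIST\r\nRETR 1\r\nQUIT\r\n"

if __name__ == "__main__":
    for mail in Pop3Mail(SERVER, CLIENT).messages:
        print(mail.decode())
```

To use a class like this in passdown, it would be added to the PROTOCOLS array and the sniff filter changed to cover `tcp port 110`. Because the parser pairs each client command with the next server reply, the reordering and retransmission gaps listed under Known Bugs would desynchronize it.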

Known Bugs / TODO

  • TCP packets are not reordered
  • Retransmissions are not handled
  • FIN-Handling is a little wrong
  • CPU load is a little high
  • We sometimes get I/O Errors on our streams
  • RST packets are currently unknown to passdown
  • No real option/parameter handling, verbosity switches would be nice