A small tool that estimates the size of the TLS-encrypted data in a pcap record, used to determine which Arch Linux package was downloaded during a pacman session.
Type Name Latest commit message Commit time
src binary: now capable of detecting multiple packages in same pcap Jul 3, 2019
Makefile
Pipfile
Pipfile.lock
README.md misc: fix typo in readme Jun 27, 2019
pacstalker.py script: now handle multiple packages in same pcap Jul 3, 2019

README.md

Pacstalker

Description

Pacstalker is a simple tool that estimates the size of the data transferred during a TLS/SSL session recorded in a pcap file. This repository also provides a Python script that wraps the C binary; the script aims to determine which Arch Linux package was downloaded during a recorded TLS/SSL session.
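Such an estimate is possible because TLS encrypts record contents but leaves each record's 5-byte header, including its length field, readable on the wire. The sketch below is an added illustration, not Pacstalker's own code: the function names, the 17-byte per-record overhead, the slack value, and the sample stream and package catalog are all assumptions constructed for the example.

```python
import struct

# TLS record header: content type (1 byte), legacy version (2), length (2).
HEADER = struct.Struct("!BHH")
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA = 20, 21, 22, 23

def estimate_payload_size(stream, per_record_overhead=17):
    """Estimate plaintext bytes in one direction of a reassembled TLS stream.

    Assumption: 17 bytes of overhead per record, i.e. TLS 1.3 AEAD without
    record padding (16-byte tag + 1 inner content-type byte).
    """
    total = offset = 0
    while offset + HEADER.size <= len(stream):
        ctype, version, length = HEADER.unpack_from(stream, offset)
        if not CHANGE_CIPHER_SPEC <= ctype <= APPLICATION_DATA or version >> 8 != 3:
            raise ValueError(f"not a TLS record at offset {offset}")
        offset += HEADER.size + length
        if offset > len(stream):
            break  # capture ends mid-record: the partial record is not counted
        if ctype == APPLICATION_DATA:
            total += max(length - per_record_overhead, 0)
    return total

def candidates(estimate, catalog, slack=1024):
    """Names in catalog whose size is at most `slack` bytes below the estimate.

    The estimate also counts HTTP response headers (and, in TLS 1.3, encrypted
    handshake messages, which share outer type 23), so it exceeds the file size.
    """
    return sorted(n for n, size in catalog.items() if 0 <= estimate - size <= slack)

def _record(ctype, length):
    """Build a constructed record: valid header, zero bytes as 'ciphertext'."""
    return HEADER.pack(ctype, 0x0303, length) + bytes(length)

# Constructed sample: one handshake record, then 40300 plaintext bytes
# (a 40000-byte file plus 300 bytes of headers) split over three records.
SAMPLE_STREAM = (_record(HANDSHAKE, 100)
                 + _record(APPLICATION_DATA, 16384 + 17) * 2
                 + _record(APPLICATION_DATA, 7532 + 17))
# Constructed catalog of package name -> download size in bytes.
SAMPLE_CATALOG = {"example-pkg-a": 40000, "example-pkg-b": 52000,
                  "example-pkg-c": 39950}

if __name__ == "__main__":
    est = estimate_payload_size(SAMPLE_STREAM)
    print(est, candidates(est, SAMPLE_CATALOG))
```

Two of the constructed packages match because their sizes differ by less than the slack, so length alone cannot tell them apart.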

How to

Build

To build the binary, run make. You can clean the produced files afterward (and delete the binary) with make clean.

Run the script

I used pipenv for the Python script's dependencies. To install the Python packages needed by pacstalker.py, run pipenv install; pipenv shell then brings you into the virtual env, where you can use the script without problems.

Use

If you just want to use the C binary to estimate the size of the encrypted data transferred in a recording, type: bin/pacstalker <yourpcap>.

If you want to guess which Arch Linux package was downloaded from a pcap file, first enter the pipenv shell and then run python pacstalker.py <yourpcap>. Some options are available; use the --help option to learn about them.
