I am completing an assignment where I am given a pcap file to extract data from. The question is, Find username and password in pcap file. This is what I have so far.
$ tshark -r assign1.pcap -R 'smtp' -2 | awk '{if($9=="334") print $10}' | base64 -d
tshark makes the pcap file readable and will only select lines that have the word SMTP in the line.
I then pipe that info into awk, awk will then select the lines I need and then pipe that info to base64 to decode the fields.
The output I am getting is
But I do not know how to select the actual username and password and decode them. Here is what the file normally looks like, the fields underlined are the username and passwords I need to find and decode. I need to figure out how to find and decode the fields underlined in line 6 and line 8.
NOTE: The pcap file: https://ufile.io/jsfjr
