Extracting data from Wireshark
I was given a PCAP file with something inside; at this point I didn't know what it could be.
I looked around the file for common protocols that could be used to send information, such as HTTP and FTP. I then tried to extract the file, but it failed. I tried to check if Wireshark would extract it by going into File, extracting the object and choosing HTTP or FTP, but that also failed.
After looking for a while and filtering for ftp-data, I found something that said test.jpg, so I took a closer look at it.
I followed the TCP stream and got the full data. I then converted it to raw and saved it on my desktop and finally got the image.
This lab taught me that I could extract data from Wireshark that is not encrypted. I found this lab very fun and I got to play with Wireshark.
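The same recovery done in code, as an added example that is not part of the original post: it reassembles each TCP stream in a capture by sequence number (what Follow TCP Stream with Raw output does) and keeps the streams that begin with the JPEG signature. The function names and the sample capture are constructed for illustration; it assumes a classic pcap file (not pcapng), untagged Ethernet with IPv4, and no sequence-number wraparound or overlapping segments.

```python
import struct
from collections import defaultdict

JPEG_MAGIC = b"\xff\xd8\xff"

def tcp_streams(pcap: bytes) -> dict:
    """Reassemble every one-directional TCP stream in a classic Ethernet/IPv4 pcap."""
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    segs, off = defaultdict(dict), 24            # 24-byte global header
    while off + 16 <= len(pcap):                 # 16-byte per-packet record header
        incl_len = struct.unpack_from(endian + "I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                             # not IPv4 carrying TCP
        tcp = 14 + (frame[14] & 0x0F) * 4        # offset of the TCP header
        total_len = struct.unpack_from("!H", frame, 16)[0]
        sport, dport, seq = struct.unpack_from("!HHI", frame, tcp)
        data = frame[tcp + (frame[tcp + 12] >> 4) * 4: 14 + total_len]
        if data:
            key = (frame[26:30], sport, frame[30:34], dport)
            segs[key].setdefault(seq, data)      # first copy wins on retransmission
    # Ordering by sequence number puts out-of-order segments back in place.
    return {k: b"".join(v[s] for s in sorted(v)) for k, v in segs.items()}

def carve_jpegs(pcap: bytes) -> list:
    """Return the payload of each stream that starts with the JPEG signature."""
    return [s for s in tcp_streams(pcap).values() if s.startswith(JPEG_MAGIC)]

def build_frame(sport, dport, seq, payload):
    """Constructed Ethernet/IPv4/TCP frame for the sample (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 0x50, 0x18, 8192, 0, 0)
    return b"\0" * 12 + b"\x08\x00" + ip + tcp + payload

def sample_pcap():
    """Constructed capture: one FTP control reply and a two-segment data stream."""
    image = JPEG_MAGIC + b"\xe0 constructed image bytes \xff\xd9"
    frames = [build_frame(21, 40000, 1, b"150 Opening data connection for test.jpg\r\n"),
              build_frame(20, 40001, 17, image[16:]),   # second segment arrives first
              build_frame(20, 40001, 1, image[:16])]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out, image

if __name__ == "__main__":
    print([len(blob) for blob in carve_jpegs(sample_pcap()[0])])
```

To use it on a real capture, pass the file's bytes to `carve_jpegs` and write each returned blob to disk in binary mode.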