• ✨Always Use Forum Private Messages PM For Deal With Vendors✨

    Admin Contacts Jabber: megiddo@jabber.sk Telegram: @Megiddo1

Intercepting Files in Wireshark

✨ DeeZNuTz

✨ Master ✨
Staff member
Joined
May 15, 2017
Messages
982
Likes
760
Points
1,045
Go to Wireshark and open the file with previously intercepted FTP traffic.

iKggo3WIgzs.jpg




Next, go to the TCP stream. Right click on the first package. Follow-> TCP Stream, that is, to put together the entire session:

XXDPfgatDAk.jpg




We get this:

5_1v1QAArE4.jpg




Here we will see a window that reflects all FTP commands and responses that were transmitted in this session. Pay attention to the sites mentioning * .zip file. This is clearly what we are looking for.

  • SIZE OS Fingerprinting with ICMP.zip - request file size.
  • RETR OS Fingerprinting with ICMP.zip - server response.
  • 610078 bytes - file size
This file interested us. Now try to find it. Left-click on the RETR-package and get to this place (do not forget to clear the filter strip from the top):

YD_I3TqkpBw.jpg




We are looking for the nearest FTP-DATA package. Who did not know, FTP-DATA is once again intended for transferring data and files via the FTP protocol.

bNyXGEaVJNU.jpg




On this package, right-click. Follow-> TCP Stream.

dW200u67A68.jpg




We get a conclusion in the form of a zagogulin. We see Show and save data as. Choose RAW. We get this:

HaomVO06PyE.jpg




Poke on Save as ... We fall into the save dialog box. Save the file name.zip.

Close Wireshark.

Open the archive and see:


k04JABA61Z0.jpg




You are now familiar with one of the main ways to search for information in the TCP traffic dump.
 
Top Bottom