Open Wireshark and load the file containing the previously captured FTP traffic.
![iKggo3WIgzs.jpg](https://pp.userapi.com/c845220/v845220788/11cce3/iKggo3WIgzs.jpg)
Next, reassemble the whole session: right-click the first packet and choose Follow -> TCP Stream:
![XXDPfgatDAk.jpg](https://pp.userapi.com/c845220/v845220788/11cceb/XXDPfgatDAk.jpg)
We get this:
![5_1v1QAArE4.jpg](https://pp.userapi.com/c845220/v845220788/11ccf3/5_1v1QAArE4.jpg)
This window shows every FTP command and response exchanged during the session. Note the lines that mention a *.zip file; this is clearly what we are looking for.
- `SIZE OS Fingerprinting with ICMP.zip` - request for the file size.
- `RETR OS Fingerprinting with ICMP.zip` - server response.
- `610078 bytes` - file size.
![YD_I3TqkpBw.jpg](https://pp.userapi.com/c845220/v845220788/11ccfc/YD_I3TqkpBw.jpg)
Now find the nearest FTP-DATA packet. For those who did not know, FTP-DATA is the separate connection over which FTP transfers the actual file contents.
![bNyXGEaVJNU.jpg](https://pp.userapi.com/c845220/v845220788/11cd09/bNyXGEaVJNU.jpg)
Right-click this packet and choose Follow -> TCP Stream.
![dW200u67A68.jpg](https://pp.userapi.com/c845220/v845220788/11cd1b/dW200u67A68.jpg)
The output appears as a squiggle of binary data. Find the "Show and save data as" selector and choose Raw. We get this:
![HaomVO06PyE.jpg](https://pp.userapi.com/c845220/v845220788/11cd24/HaomVO06PyE.jpg)
Click "Save as...". In the save dialog that opens, save the file as name.zip.
Close Wireshark.
Open the archive and see:
![k04JABA61Z0.jpg](https://pp.userapi.com/c845220/v845220788/11cd2d/k04JABA61Z0.jpg)
You are now familiar with one of the main ways to search for information in a TCP traffic dump.
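The same Follow TCP Stream / Save as Raw procedure can be done programmatically, which is useful when you have many captures or want to confirm that the carved file is exactly what the control channel announced. The following is an added example, not code from the original post: a standard-library Python parser for classic libpcap files that reassembles each one-way TCP stream by sequence number (tolerating out-of-order and retransmitted segments), reads the `RETR` file name and the `213` reply to `SIZE` from the control channel, and carves the data stream that begins with the ZIP magic. The capture it runs on is constructed in memory; the addresses, ports, file name and ZIP contents are all made-up values, and the parser assumes Ethernet framing and a single transfer per capture.

```python
import io
import struct
import zipfile
from collections import defaultdict

ETHERTYPE_IPV4, IPPROTO_TCP, FTP_CTRL_PORT = b"\x08\x00", 6, 21


def iter_pcap_frames(pcap: bytes):
    """Yield each frame of a classic libpcap file; assumes Ethernet link type, no pcapng."""
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack_from("<I", pcap, 0)[0])
    if end is None:
        raise ValueError("not a libpcap capture")
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from(end + "IIII", pcap, off)[2]  # bytes actually captured
        off += 16
        yield pcap[off:off + incl_len]
        off += incl_len


def parse_tcp_segment(frame: bytes):
    """Return ((src, sport, dst, dport), seq, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != ETHERTYPE_IPV4 or frame[23] != IPPROTO_TCP:
        return None
    src, dst, tcp = frame[26:30], frame[30:34], 14 + (frame[14] & 0x0F) * 4
    sport, dport, seq, _ack, off_flags = struct.unpack_from("!HHIIH", frame, tcp)
    # the IP total length, not the frame length, bounds the payload (trims Ethernet padding)
    payload = frame[tcp + (off_flags >> 12) * 4:14 + struct.unpack_from("!H", frame, 16)[0]]
    return (src, sport, dst, dport), seq, payload


def reassemble_streams(pcap: bytes):
    """Stitch each one-way TCP stream by sequence number (what Follow TCP Stream shows)."""
    flows = defaultdict(list)
    for frame in iter_pcap_frames(pcap):
        parsed = parse_tcp_segment(frame)
        if parsed and parsed[2]:  # keep only segments that carry data
            flows[parsed[0]].append(parsed[1:])
    streams = {}
    for key, segs in flows.items():
        segs.sort(key=lambda s: s[0])  # out-of-order segments fall into place
        out, expected = bytearray(), segs[0][0]
        for seq, payload in segs:
            if seq > expected:
                raise ValueError(f"{seq - expected} bytes missing from stream {key}")
            if expected - seq < len(payload):  # drop bytes already seen (retransmission)
                out += payload[expected - seq:]
                expected = seq + len(payload)
        streams[key] = bytes(out)
    return streams


def carve_ftp_transfer(pcap: bytes):
    """Name and SIZE come from the control channel; the data channel is the non-control stream starting with 'PK\\x03\\x04'."""
    streams = reassemble_streams(pcap)
    name = size = None
    for (_, sport, _, dport), data in streams.items():
        for line in data.decode("ascii", "replace").splitlines():
            if dport == FTP_CTRL_PORT and line.upper().startswith("RETR "):
                name = line[5:].strip()
            elif sport == FTP_CTRL_PORT and line.startswith("213 "):  # reply to SIZE
                size = int(line[4:])
    for (_, sport, _, dport), data in streams.items():
        if FTP_CTRL_PORT not in (sport, dport) and data.startswith(b"PK\x03\x04"):
            if size is not None and len(data) != size:
                raise ValueError(f"carved {len(data)} bytes but SIZE reported {size}")
            return name, data
    raise ValueError("no ZIP transfer found in capture")


def _frame(src, sport, dst, dport, seq, payload):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, IPPROTO_TCP, 0, src, dst)
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, 0, (5 << 12) | 0x18, 65535, 0, 0)
    return b"\x00" * 12 + ETHERTYPE_IPV4 + ip + tcp + payload  # checksums zeroed; parser ignores them


def build_sample_pcap():
    """Constructed capture, not a real dump: a passive-mode FTP session retrieving a small
    ZIP, with the data segments written out of order plus one retransmitted segment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("notes.txt", "sample contents\n" * 50)
    blob = buf.getvalue()
    client, server = bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9])  # made-up hosts
    ctrl = [(client, 51000, server, 21, b"SIZE report.zip\r\n"),
            (server, 21, client, 51000, b"213 %d\r\n" % len(blob)),
            (client, 51000, server, 21, b"RETR report.zip\r\n"),
            (server, 21, client, 51000, b"150 Opening BINARY mode data connection\r\n")]
    frames, seqs = [], defaultdict(lambda: 1000)
    for src, sport, dst, dport, payload in ctrl:
        frames.append(_frame(src, sport, dst, dport, seqs[(src, sport)], payload))
        seqs[(src, sport)] += len(payload)
    step = len(blob) // 3 + 1
    chunks = [(5000 + i, blob[i:i + step]) for i in range(0, len(blob), step)]
    for seq, chunk in [chunks[1], chunks[0], chunks[2], chunks[0]]:  # reordered + duplicate
        frames.append(_frame(server, 50001, client, 51001, seq, chunk))
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    return header + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)


def zip_entry_names(data: bytes):
    """Open the carved bytes as a ZIP and list its members, proving the carve is intact."""
    return zipfile.ZipFile(io.BytesIO(data)).namelist()
```

Calling `carve_ftp_transfer(build_sample_pcap())` returns the name `report.zip` together with the reassembled archive bytes, and `zip_entry_names` on those bytes lists `notes.txt`. Comparing the carved length with the `213` reply catches a truncated capture, which the Wireshark dialog will happily save without complaint; a real analysis would also handle pcapng input and TCP sequence-number wraparound, both left out here for brevity.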