Browse Tag

pcap

More Compiled List of Sample PCAP Files for Practice

Jun 25, 2016
/
Resources

A quick follow up from one of my earlier post regarding a compiled list of sample PCAP files, here are more files for your practices on Wireshark features and techniques, of which some of them even have blog posts on the decrypting of the files. I hope they are helpful to you too.

Honeynet.org’s Scan of the Month PCAPs
- http://old.honeynet.org/scans/index.html
Raul Siles, “Pcap files containing a roaming VoIP session”
- http://www.raulsiles.com/downloads/VoIP_roaming_session.zip
Russ McRee, W32/Sdbot infected machine
- http://holisticinfosec.org/toolsmith/files/nov2k6/toolsmith.pcap
MDSec’s Packets from a GSM 2.5G environment showing uplink/downlink, two MS devices, SIM APDU information
- https://github.com/HackerFantastic/Public/blob/master/misc/44CON-gsm-uplink-downlink-sim-example.pcap?raw=true
Joke Snelders, WiFi traffic encrypted with WPA pre-shared key (passphrase “subnet16121930”, SSID “dd-wrt2”)
- http://www.lovemytool.com/files/test.pcap
- Decryption instructions: “Wireshark and TShark: Decrypt Sample Capture File“
Barracuda Labs on the PHP.net Compromise
- http://barracudalabs.com/downloads/5f810408ddbbd6d349b4be4766f41a37.pcap
- https://barracudalabs.com/2013/10/php-net-compromise/

Compiled List of Sample PCAP Files for Practice

Jun 05, 2016
/
Resources

I was once tasked to perform some investigation on a packet capture (pcap) file to retrieve some information. Before I was given the task, I don’t even know anything about pcap file. Some simple research will tell you that it is a file that captures network traffic.

Interesting uh?

One of the best tool used in the industry for performing packet capturing would be no doubt, Wireshark. The tool itself has many features, which I am not going to do a step-by-step guide today. What I am going to share is actually a compiled list of sample pcap files.

You are right, a compiled list of sample pcap files consolidated by people in the community and listed together in the Wireshark Wiki. It is very useful to people learning Wireshark and want to perform some analysis or test out some features on good pcap files which has more variants of realistic network traffic, furthermore, the choices are vast and interesting (since you did not create it yourself, there are some element of surprise).

Check out the list: https://wiki.wireshark.org/SampleCaptures

Hacking for n00bz – Level 6

May 29, 2016
/
General, Resources, Write-ups

For level 6, we were being asked to download “sharkfin.pcap” to hunt for the flag, which means that we should probably be prepared to analyse some network traffic. As hinted by the file name, “sharkfin”, let’s open the file using Wireshark and analyse it.

Usually the first few steps that I would do when I open any pcap files in Wireshark is to take a quick glance at what protocols of network traffic were being captured, then look into the more popular ones such as HTTP or FTP.

In this case, I followed the UDP stream 0 and gotten the following string which is probably the flag,

696e666f7365635f666c616769735f736e6966666564

True enough, it is an encoded hexadecimal flag. Using Hackbar, I did a quick conversion and managed to get the flag for level 6, “infosec_flagis_sniffed”.

Back to write-up list for InfoSec Institute CTF #1: Hacking for n00bz