PCAP analysis

Tools
1.Wireshark
2.NetworkMiner
3.Strings
4.Tshark
Checklist
1.Understand the packets
2.Export objects
3.Protocol hierarchy give you general understanding
4.Follow TCP streams
5.Filtering
6.Search for keyword such as "flag" using Find Packet
7.Take a look at Info column. Stupid challenge always put the flag letter by letter in different packets.
8.If challenge about wifi, USB or keyboard thingy, google the past writeup how they solve.
Others
1.Convert pcapng to pcap
tshark -F pcap -r file.pcapng -w newfile.pcap
2.Bruteforce WEP password for PCAP
aircrack-ng -b XX:XX:XX:XX:89:b3 -w ../rockyou.txt target.pcap
Go to Edit > preference > Protocol > IEEE 802.11 > Edit... button > wpa-pwd password
3.USB pcap
​https://book.hacktricks.xyz/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/usb-keystrokes​
Reference
​https://book.hacktricks.xyz/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection​
Web
Misc
Last modified 10mo ago