PCAP analysis
Tools
- 1. Wireshark
- 2. NetworkMiner
- 3. Strings
- 4. Tshark
Checklist
- 1. Understand the packets
- 2. Export objects
- 3. Protocol hierarchy gives you a general understanding
- 4. Follow TCP streams
- 5. Filtering
- 6. Search for keywords such as "flag" using Find Packet
- 7. Take a look at the Info column. Stupid challenges always put the flag letter by letter in different packets.
- 8. If the challenge is about wifi, USB or keyboard thingy, google past writeups to see how they solved it.
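
For item 7, a flag spread one letter per packet can be rebuilt with a small script once you know which port carries it. This is an added example, not part of the original notes: it reads a classic pcap (not pcapng), and the capture, the ports (9999, 53, 40000) and the flag value are constructed for the demo.

```python
import struct

def build_sample_pcap(packets):
    """Constructed sample capture: one Ethernet/IPv4/UDP frame per (dst_port, payload)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, (dport, data) in enumerate(packets):
        udp = struct.pack("!HHHH", 40000, dport, 8 + len(data), 0) + data
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), i, 0, 64, 17, 0,
                         b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")  # checksums left at 0
        frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + udp
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def payloads(pcap):
    """Yield (proto, src_port, dst_port, payload) for IPv4 TCP/UDP packets in a classic pcap."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic pcap; convert pcapng with tshark -F pcap first")
    end = "<" if magic == 0xA1B2C3D4 else ">"
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled here")
    off = 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4 directly over Ethernet
        ihl = (frame[14] & 0x0F) * 4
        total = struct.unpack("!H", frame[16:18])[0]
        l4 = frame[14 + ihl:14 + total]  # slicing by total length drops Ethernet padding
        if frame[23] == 17 and len(l4) >= 8:  # UDP
            data = l4[8:]
        elif frame[23] == 6 and len(l4) >= 20:  # TCP: data offset is in 32-bit words
            data = l4[(l4[12] >> 4) * 4:]
        else:
            continue
        sport, dport = struct.unpack("!HH", l4[:4])
        yield frame[23], sport, dport, data

def reassemble(pcap, dst_port, max_len=1):
    """Join payloads of 1..max_len bytes sent to dst_port, in capture order."""
    parts = [d for _, _, dp, d in payloads(pcap) if dp == dst_port and 0 < len(d) <= max_len]
    return b"".join(parts).decode(errors="replace")

FLAG = b"flag{one_byte_per_packet}"  # constructed value
SAMPLE = build_sample_pcap([p for c in FLAG for p in ((9999, bytes([c])), (53, b"unrelated traffic"))])

if __name__ == "__main__":
    print(reassemble(SAMPLE, 9999))
```

Payloads are joined in capture order, so TCP retransmissions or out-of-order segments would need sequence-number handling that this sketch does not do.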
Others
- 1. Convert pcapng to pcap
tshark -F pcap -r file.pcapng -w newfile.pcap
- 2. Bruteforce WEP password for PCAP
aircrack-ng -b XX:XX:XX:XX:89:b3 -w ../rockyou.txt target.pcap
- In Wireshark, go to Edit > Preferences > Protocols > IEEE 802.11 > Edit... button > wpa-pwd and enter the password
Reference