exe, indicating the second request returned a Windows executable file. doc, indicating the first request returned a Microsoft Word document. Filtering on the tutorial's first pcap in Wireshark.Īfter filtering on http.request, find the two GET requests to smart-faxcom. Open the pcap in Wireshark and filter on http.request as shown in Figure 1.įigure 1. The first pcap for this tutorial, extracting-objects-from-pcap-example-01.pcap, is available here. This tutorial covers the following areas: You could also use a virtual machine (VM) running Linux. Since these files are Windows malware, I recommend doing this tutorial in a non-Windows environment, like a MacBook or Linux host. Warning: Most of these pcaps contain Windows malware, and this tutorial involves examining these malicious files.
The instructions also assume you have customized your Wireshark column display as previously demonstrated in this tutorial. We will use these pcaps of network traffic to practice extracting objects using Wireshark. The instructions assume you understand network traffic fundamentals. This tutorial offers tips on how to export different types of objects from a pcap. When reviewing packet captures (pcaps) of suspicious activity, security professionals may need to export objects from the pcaps for a closer examination.
0 kommentar(er)
