Academy/Intro to Network Traffic Analysis/Dissecting Network Traffic with Wireshark Questions

Need some pointers on the second question of this module. The question is: “Which employee is suspected of performing potentially malicious actions in the live environment?”

I did a 10 minute packet capture, got over 500 packets, and still can’t figure this out. I followed the HTTP stream and also found no “file.jpeg”. Any help would be appreciated.

Comments

  • I figured this out; wasn’t looking at all the conversations.
  • I'm struggling with tcpdump fundamentals. In the question:
    Given the capture file at /tmp/capture.pcap, what tcpdump command will enable you to read from the capture and show the output contents in Hex and ASCII?
    I tried:
    -X -r /tmp/capture.pcap
    -r /tmp/capture.pcap -X
    -rX /tmp/capture.pcap

    Any tips? :)

  • @CabraCega said:

    I'm struggling with tcpdump fundamentals. In the question:
    Given the capture file at /tmp/capture.pcap, what tcpdump command will enable you to read from the capture and show the output contents in Hex and ASCII?
    I tried:
    -X -r /tmp/capture.pcap
    -r /tmp/capture.pcap -X
    -rX /tmp/capture.pcap

    Any tips? :)

    Same issue, and “What TCPDump switch will increase the verbosity of our output?” won't accept any of -v -vv -vvv -vvvvvvv

  • @OvertlyObscure said:

    Same issue, and “What TCPDump switch will increase the verbosity of our output?” won't accept any of -v -vv -vvv -vvvvvvv

    try without - ;)

  • edited July 24

    Hello friends, I am stuck on this question. I have tried all the combinations but nothing works for me:
    tcpdump -Xr /tmp/capture.pcap
    tcpdump -X -r /tmp/capture.pcap
    tcpdump -rX /tmp/capture.pcap
    tcpdump -r -X /tmp/capture.pcap

    Please, some help!!
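To make concrete what "hex and ASCII" output of a capture file actually is, here is an added example (not from the thread or the Academy module) that reads a classic pcap file and renders each packet in the same 16-bytes-per-line layout tcpdump uses for its hex/ASCII view. The pcap bytes are constructed inline so the script runs offline; pcapng files are deliberately rejected.

```python
"""Render the packets of a classic pcap as hex + ASCII, mirroring tcpdump's layout."""
import struct

# Constructed sample: one record holding a 14-byte Ethernet header and a short
# payload. This is not real captured traffic, just enough to exercise the parser.
SAMPLE_PAYLOAD = bytes.fromhex("ffffffffffff" "001122334455" "0800") + b"hello, wireshark!"
SAMPLE_PCAP = (
    # magic, version 2.4, thiszone, sigfigs, snaplen, linktype 1 (Ethernet)
    struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    # record header: ts_sec, ts_usec, incl_len, orig_len
    + struct.pack("<IIII", 1700000000, 0, len(SAMPLE_PAYLOAD), len(SAMPLE_PAYLOAD))
    + SAMPLE_PAYLOAD
)

def read_pcap(data: bytes):
    """Yield (timestamp, packet_bytes) for every record in a classic pcap blob."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"          # file written on a little-endian host
    elif magic == 0xD4C3B2A1:
        endian = ">"          # byte-swapped: written on a big-endian host
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    offset = 24  # skip the 24-byte global header
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        pkt = data[offset:offset + incl_len]
        if len(pkt) < incl_len:
            raise ValueError("truncated record at offset %d" % offset)
        offset += incl_len
        yield ts_sec + ts_usec / 1e6, pkt

def hex_ascii_lines(pkt: bytes):
    """16 bytes per line: offset, hex in 2-byte groups, then printable ASCII (dots otherwise)."""
    lines = []
    for off in range(0, len(pkt), 16):
        chunk = pkt[off:off + 16]
        groups = [chunk[i:i + 2].hex() for i in range(0, len(chunk), 2)]
        hex_part = " ".join(groups).ljust(39)   # 8 groups x 4 hex chars + 7 separators
        ascii_part = "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in chunk)
        lines.append(f"\t0x{off:04x}:  {hex_part}  {ascii_part}")
    return lines

def dump(data: bytes):
    """Return the full text dump (one summary line plus hex/ASCII lines per packet)."""
    out = []
    for ts, pkt in read_pcap(data):
        out.append(f"{ts:.6f} length {len(pkt)}")
        out.extend(hex_ascii_lines(pkt))
    return out

if __name__ == "__main__":
    print("\n".join(dump(SAMPLE_PCAP)))
```

Comparing this output against the real tool on the same file is a quick way to confirm you have the right combination of "read from file" and "hex/ASCII" switches.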
