PCAP Notes

  • Right Click -> Follow TCP Stream

  • File -> Export Objects

  • Traffic that can be viewed

    • Telnet

    • FTP

    • rsh

    • rlogin

    • SMTP (Need to decode using base64)

    • POP

    • IMAP

    • HTTP

      • Authorization header uses base64

      • If no Content-Length is set, use TCP Stream instead

    • DNS

    • ICMP

    • TLSv1.2

      • To view the packet content (Requires the key file)

        • Select one of the TLS packets -> Right Click -> Protocol Preferences -> RSA keys list

        • Select one of the TLS packets -> Right Click -> Protocol Preferences -> TLS debug file (For Pre-Master-Secret log)

    • MySQL
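
The SMTP and HTTP items above both come down to base64-decoding what Follow TCP Stream shows. As an added example (not part of the original notes), this Python script pulls the credentials out of stream text for HTTP Basic and for SMTP AUTH LOGIN / AUTH PLAIN. The sample streams, host names and credentials are constructed.

```python
import base64
import re

# Constructed sample streams, as text copied from Follow TCP Stream (not a real capture).
HTTP_STREAM = ("GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
               "Authorization: Basic YWxpY2U6czNjcjN0\r\n\r\n")
SMTP_STREAM = ("220 mail.example ESMTP\r\nEHLO client.example\r\n"
               "250-mail.example\r\n250 AUTH LOGIN PLAIN\r\n"
               "AUTH LOGIN\r\n334 VXNlcm5hbWU6\r\nYm9i\r\n"
               "334 UGFzc3dvcmQ6\r\naHVudGVyMg==\r\n235 Authentication successful\r\n")

def b64(token):
    """Decode one base64 token to text; None if it is not valid base64."""
    try:
        return base64.b64decode(token.strip(), validate=True).decode("utf-8", "replace")
    except ValueError:  # binascii.Error is a ValueError subclass
        return None

def http_basic(stream):
    """(user, password) pairs from Authorization: Basic headers."""
    creds = []
    for m in re.finditer(r"(?im)^(?:Proxy-)?Authorization:\s*Basic\s+(\S+)", stream):
        decoded = b64(m.group(1))
        if decoded and ":" in decoded:
            creds.append(tuple(decoded.split(":", 1)))
    return creds

def smtp_auth(stream):
    """(user, password) pairs from SMTP AUTH LOGIN / AUTH PLAIN exchanges."""
    lines = [l.strip() for l in stream.splitlines()]
    creds = []
    for i, line in enumerate(lines):
        parts = line.split()
        if len(parts) < 2 or parts[0].upper() != "AUTH":
            continue
        # Initial response on the AUTH line, then client lines (no 3-digit reply code).
        tokens = parts[2:] + [l for l in lines[i + 1:] if l and not re.match(r"\d{3}[ -]", l)]
        decoded = [b64(t) for t in tokens[:2]]
        if parts[1].upper() == "LOGIN" and len(decoded) == 2 and None not in decoded:
            creds.append((decoded[0], decoded[1]))
        elif parts[1].upper() == "PLAIN" and decoded and decoded[0] and decoded[0].count("\0") == 2:
            creds.append(tuple(decoded[0].split("\0")[1:]))  # authzid \0 user \0 password
    return creds

if __name__ == "__main__":
    print("HTTP Basic:", http_basic(HTTP_STREAM))
    print("SMTP AUTH :", smtp_auth(SMTP_STREAM))
```

The `334` lines in the SMTP stream are the server's own base64 prompts ("Username:" and "Password:"), which is why they are skipped as server replies.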

Potential tools used

  • uudecode
