Extracting Files from PCAPs with Wireshark // Lesson 9 // Wireshark Tutorial

113,611 views

Chris Greer


days ago

Comments: 95
@ChrisGreer 3 years ago
If we are doing a CTF or performing Malware analysis with Wireshark, we usually need to extract files from PCAPs at some point. In this video, we will look at how to do it. Download the sample trace file here: www.cloudshark.org/captures/a9472fbe700a (Select Export | Download to pull the trace down locally)
@mindiswealth 8 months ago
THANK YOU FOR MAKING THIS VIDEO. I have started my journey in CS and a job I applied to has asked me to extract a pdf file from the PCAP and this helped me so much! THANK YOU
@finance10102 8 months ago
OMG ME TOOO!!!
@finance10102 8 months ago
Was it Nukuo?
@mindiswealth 8 months ago
@finance10102 YOOO YES 😂 small world man!
@IxapanI 8 months ago
@finance10102 yes same
@mehershewon 8 months ago
Did you follow this step by step and it worked?
@workflowinmind 1 year ago
Just commenting to give this series more light! Amazing work once again
@ChrisGreer 1 year ago
Thank you! I appreciate it.
@lucascon9696 1 year ago
Gave me what I was searching for in half a minute, many thanks!
@ChrisGreer 1 year ago
No problem!
@morpheus_uat 1 year ago
short, concise, and straight to the point, thanks fine lad
@IsometricSandwiches 11 months ago
Chris, a video on TLS decryption in Wireshark would be a great addition to this playlist!
@moviesinnutshell8815 11 months ago
That is above his paygrade 😂
@CAAV4252 3 years ago
Dear Chris, thank you very much for sharing your knowledge and excellent content ... keep going .. !!! Greetings from Ecuador
@ChrisGreer 3 years ago
Thanks for the comment! Ecuador is a beautiful place.
@tfitzge134 1 year ago
Hi Chris, I bought your course at Udemy and it is so awesome!
@ChrisGreer 1 year ago
Awesome, thank you!
@agolu16 2 years ago
Thanks!
@ChrisGreer 2 years ago
Thank you!
@vyasG 3 years ago
Thank you for this lesson. Looking forward to the next one.
@KSPAllies 1 year ago
My guy this is absolutely what i needed shouts out to you big dog
@Phanda319 2 months ago
This video was so helpful! Thank you so much!!!
@notistsimas1837 1 year ago
YOU ARE A FKING LEGEND! TOOK ME 50 HOURS TO FIND YOU TRYING TO SOLVE MY ASSIGNMENT
@toripuru_wav 1 year ago
thank you for this, i have a challenge that was set up by a training provider that also provides job opportunity in cybersec... i had to extract a PDF that contains passwords and details for my next step in the programme and this video helped me lmao within 4 mins. THANK YOU CHRIS!
@saniya11229226 1 year ago
Hi Chris, any way you can help? I am on the same challenge and am confused on how to operate Wireshark.
@toripuru_wav 1 year ago
@saniya11229226 did you manage?
@toripuru_wav 1 year ago
@savagevolt4458 if you follow this guide you're surely gonna find the pdf and extract it out already, will reveal next step for red alpha application process...
@dbzbattler7282 1 year ago
Hey I’m doing the same thing but I’m not finding the password any tips?
@a-plusappliancerepairllc5395 7 months ago
@dbzbattler7282 Good morning, did you ever figure it out?
@spacepower5466 2 months ago
simple, easy and goes to the point, thanks
@majiddehbi9186 3 years ago
very happy to be here
@calment 10 days ago
Good to know that Wireshark can do that. Unfortunately, there is no support for NFS...
@flamshlo1 2 years ago
your lessons are FANTASTIC. have practically all of yours in my playlists. for some reason there is no SAVE provision in my wireshark version 3.63 (v3.63.-06d348e4611e2)
@ChrisGreer 2 years ago
Hey Shlomo! That is really weird. You mean you cannot save the whole file?
@Dalin_B 1 year ago
Been following this class from the start.... Yo, I had no idea that Wireshark could do any of this.
@ChrisGreer 1 year ago
Glad you like it!
@ChitChat 3 years ago
How does one get into packet capture analysis? Also it appears that the Wireshark cert is not high in demand in job postings. Curious of your thoughts on that.
@jjames7206 3 years ago
Hi Chris! I'm always looking for something about packet capture analysis work with Wireshark!
@ChrisGreer 3 years ago
Hello - how does one get into it? I guess several ways... if you are in netops, secops, devops, just download it, install, and get to capturing. Learn what each packet means, one at a time. Start slow and get more complex. Watch videos like these ones on my channel to get a running start, and then just do it! Certs? I had the WCNA for some time. It goes into several aspects of the analyzer that are good to know. Do you need it for a job? Probably not. I've known some amazing packet analysts that never got it.
@mrjapansl 3 years ago
Looking forward to the next video
@onkarmhaskar8551 10 months ago
thanks sir u just saved my life!!! 😁😁😁
@ZirveAzeri 1 year ago
Great teacher...
@flamshlo1 2 years ago
thanks. your file for the lesson is NOT the problem. the problem is saving the "packet-pioneer-logo-blue-green-media.png" as instructed by you at 3:09 minutes into the lesson. the 2 lines are listed but there is NO save option.
@ΔΙΟΝΥΣΗΣΖΑΠΑΝΤΗΣ 3 years ago
Hello Chris! When will you publish lesson 10? Thanks!
@ChrisGreer 3 years ago
Good reminder... I need to get it out there!
@baidysall9591 3 years ago
Short and sweet
@roswithadusa8673 1 year ago
Hello, timeline 4:26: is it possible to save or copy the PNG part and then open it up in a picture editor?
@MuhammadAbdullah-fb4wn 9 months ago
Hello Master, I just came up with a quick question: is Wireshark also as noisy as nmap or not?
@雨緑-q4t 3 years ago
Thank you! Very interesting
@badrmotayeb4833 1 year ago
amazing video
@dopy8418 3 years ago
So this is the prequel to ‘decrypting https traffic’. You are going star wars on us.
@luckygolakoti3241 2 years ago
Sir, how can we see the data format which was traversing through packets, as you have displayed images? How can I enable it?
@Pentestercoe 1 year ago
How to identify the file type and extract it from TCP payload?
@luckygolakoti3241 2 years ago
Sir, did you provide any course for ethical hackers about Wireshark on any platform like Udemy? If yes, please do provide a link for it.
@ChrisGreer 2 years ago
Not yet - hopefully coming soon.
@MegaDiamond91 1 year ago
Thank you, mate :)
@berthold9582 1 year ago
so goooood thanks
@volkan8693 2 years ago
Hi Chris, what if i have a compressed content and I want to uncompress the http request body? In my case I have "content-type: application/x-deflate"
@plushplush7635 2 years ago
worked, awesome
@ChrisGreer 2 years ago
Great!
@mystica-subs 3 years ago
Can you please explain this for QUIC and not just http2/3 ?
@ChrisGreer 3 years ago
kzbin.info/www/bejne/fp-npICbnbiGj5Y Have you stopped by this video yet?
@kemovlogz 2 years ago
Great Video Bro! Can I Get Packet Data Uploaded to KZbin, Love To See Some Old Post that I deleted
@comedydaddy8074 1 year ago
I am about to cry. Every time I try this it keeps saying that the photo is not supported. I tried it on my actual laptop and on a VM. Agh it's not annoying I keep getting the same thing over and over.
@nataliaerrecalde7340 1 year ago
Hi Chris, thanks for your incredible job. I need your help: I'm trying to decrypt SSL traffic using Wireshark and an SSL key log file in macOS but I'm not able to. Could you make a video of that, or if you have one can you please share it with me? Cheers. Naty
@nataliaerrecalde7340 1 year ago
That's the answer that I've received: cannot open `/Users/nxxxxxxxxe/sslkey.log' (No such file or directory)
@francypothuraju7002 1 year ago
hi chris. How to extract txt and docx files from pcap file
@telisijohn2054 3 years ago
What does CTF stand for or what is CTF?
@ChrisGreer 3 years ago
Capture the flag
@telisijohn2054 3 years ago
@ChrisGreer Thanks. I usually see an acronym description in the documentation but I couldn’t find one for CTF even in Google search. Anyways, now that I know what it means, I will go back and see the video
@nokotable 2 years ago
how safe is it to extract those files to your VM?
@erenkorcan5458 2 years ago
for example i just downloaded a pdf file from a website can wireshark show this and how?
@ChrisGreer 2 years ago
Because it is encrypted and you might not have the decryption keys loaded into WS
@erenkorcan5458 2 years ago
@ChrisGreer ohh okay i got you, i was making some research how to get decryption keys of smthng. By the way thank you for your answer and kindness 💙🙏
@roswithadusa8673 1 year ago
Please can anybody help. I try to open (frame 14) PNG file from TCP flow (ASCII to raw, file, save as xxx.png) but it doesn't work. Why?
@kahdajufaizal9337 1 year ago
Robin Williams does Wireshark
@ChrisGreer 1 year ago
So you aren’t the first person to say that…. Really? You guys think I look like Robin Williams?
@erenkorcan5458 2 years ago
why we can just extract files from http traffic why not https
@lilmamagc 2 years ago
https is encrypted and designed in a way that wireshark can't pick it up.
@erenkorcan5458 2 years ago
@lilmamagc 👌
@_a2life_ 11 months ago
didn't know that Flea from rhcp also coding
@rdh9475 8 months ago
Get to the point.