Network Traffic Analysis
Download ftp.pcap file
Capturing and building PCAP file
Sometimes we don't have the time or the option to install external libraries in our environment. Let's capture all packets on all interfaces, then see how to build a pcap file and write the packets to it.
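The pcap-building step described above, using only the Ruby standard library. This is an added example, not code from the original page; the helper names (`pcap_global_header`, `pcap_record`, `read_pcap`, `demo_roundtrip`) and the sample frame are assumptions made for illustration. The raw-socket capture is shown only as a comment because it needs root on Linux.

```ruby
require 'stringio'

# Classic pcap layout: 24-byte global header, then a 16-byte record header + frame bytes.
# Every field is packed little-endian explicitly so the file does not depend on the host.
PCAP_MAGIC = 0xa1b2c3d4 # microsecond-resolution pcap
SNAPLEN    = 65_535
ETHERNET   = 1          # LINKTYPE_ETHERNET

def pcap_global_header
  # magic, version 2.4, thiszone (signed), sigfigs, snaplen, link type
  [PCAP_MAGIC, 2, 4, 0, 0, SNAPLEN, ETHERNET].pack('Vvvl<VVV')
end

def pcap_record(frame, time = Time.now)
  captured = frame.b[0, SNAPLEN] # incl_len is capped at snaplen, orig_len is not
  [time.to_i, time.usec, captured.bytesize, frame.bytesize].pack('V4') + captured
end

# Reads a capture back and rejects truncated or inconsistent records.
def read_pcap(io)
  magic, major, minor, _zone, _sigfigs, snaplen, linktype = io.read(24).to_s.unpack('Vvvl<VVV')
  raise ArgumentError, 'bad pcap magic' unless magic == PCAP_MAGIC
  records = []
  while (header = io.read(16))
    sec, usec, incl, orig = header.unpack('V4')
    raise ArgumentError, 'truncated record header' if orig.nil?
    raise ArgumentError, 'incl_len exceeds snaplen' if incl > snaplen
    data = io.read(incl).to_s
    raise ArgumentError, 'truncated packet data' if data.bytesize < incl
    records << { sec: sec, usec: usec, orig_len: orig, data: data }
  end
  { version: [major, minor], linktype: linktype, records: records }
end

# Live use on Linux (assumption: root; 0x0300 is htons(ETH_P_ALL) on a little-endian host):
#   sock = Socket.new(Socket::PF_PACKET, Socket::SOCK_RAW, 0x0300)
#   loop { file.write(pcap_record(sock.recvfrom(SNAPLEN)[0])) }

# Constructed sample: 60-byte Ethernet frame (broadcast dst, made-up src, EtherType 0x0800).
SAMPLE_FRAME = ['ff' * 6 + '020000000001' + '0800' + '00' * 46].pack('H*')

def demo_roundtrip
  bytes = pcap_global_header + pcap_record(SAMPLE_FRAME, Time.at(1_700_000_000, 250_000))
  read_pcap(StringIO.new(bytes))
end

puts "records read back: #{demo_roundtrip[:records].length}" if __FILE__ == $PROGRAM_NAME
```

Writing `pcap_global_header` once and then one `pcap_record` per frame to a file opened in `'wb'` mode produces a capture that Wireshark and tcpdump can open.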
http://jarmoc.com/blog/2013/05/22/bsjtf-ctf-writeup-what-in-the-name-of-zeus/
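```ruby
#!/usr/bin/env ruby
#
require 'packetfu'
require 'pp'

# Sniff on the monitor-mode interface and pretty-print each parsed packet
capture = PacketFu::Capture.new :iface => 'mon0', :promisc => true, :start => true
capture.stream.each do |p|
  pp PacketFu::Packet.parse(p)
end
```

```ruby
require 'packetfu'
include PacketFu

# Dissect every packet in the capture file, labelled with its array index
packets = PcapFile.file_to_array '/home/KING/wireless.pcap'
packets.each_with_index do |packet, ref|
  puts "_" * 75
  puts "Reference: #{ref}"
  puts "_" * 75
  pkt = Packet.parse(packet)
  puts pkt.dissect
  sleep 2
end
```

```ruby
require 'packetfu'
include PacketFu

# Hex view of the packet at array index 56
packets = PcapFile.read_packets '/home/KING/wireless.pcap'
pkt = packets[56] # read_packets already returns parsed Packet objects
puts pkt.inspect_hex
```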