IMPLEMENTATION OF SOLUTION TO EXTRACT A CAPTURED PCAP FILE.


ABSTRACT
Packet capturing (pcap) saves a lot of time for security analysis: instead of
performing a full analysis of a machine that is suspected, the analyst extracts
the files from the network traffic and checks their potential for harm. In this
project we use the Wireshark tool to capture the packets. If we are involved in
an incident related to an attack, we need to check the files that were
downloaded, and then analyze them by reverse engineering or other methods.
Wireshark is the most popular network protocol analyzer and is capable of
extracting files that were downloaded and captured. Here we explain the process
of manually extracting files from the captured pcap packets; this familiarizes
us with the tools and with knowledge of how those tools function.
INTRODUCTION:
Nowadays, computer networks are usually large and diverse systems that
communicate using a wide variety of protocols. This complexity created the need
for more sophisticated tools to monitor and troubleshoot network traffic. Today
one of the critical tools in any network administrator's toolbox is the
sniffer. Sniffers, also known as packet analyzers, are programs that have the
ability to intercept the traffic that passes over a network. They are very
popular among network administrators and the black-hat community because they
can be used for both good and evil. In this article we will go through the main
principles of packet capture and then introduce libpcap, an open source and
portable packet capture library which is the core of tools like tcpdump, dsniff,
kismet, snort or ettercap.
Pcap (Packet capture)

- Packet capture is the action of collecting data as it travels over a network.

Sniffers are the best example of packet capture systems, but many other types
of applications need to grab packets off a network card. Those include
network statistical tools, intrusion detection systems, port knocking daemons,
password sniffers, ARP poisoners, traceroute tools, etc.
Stages of implementation:

- Start Wireshark.
- Capture the packets on the interface connected to the FTP server.
- Download a file from the FTP server.
- Close the FTP session.
- Stop the Wireshark capture.
- Save the captured packets in a capture.pcap file.

LIBPCAP :

- Libpcap is an open source library that provides a high level interface to
network packet capture systems. It was created in 1994 by McCanne, Leres and
Jacobson, researchers at the Lawrence Berkeley National Laboratory from
the University of California at Berkeley, as part of a research project to
investigate and improve TCP and Internet gateway performance.
Wireshark :

- Wireshark is a network packet analyzer. A network packet analyzer presents
captured packet data in as much detail as possible.
- You could think of a network packet analyzer as a measuring device for
examining what's happening inside a network cable, just like an electrician
uses a voltmeter for examining what's happening inside an electric cable (but
at a higher level, of course).
- In the past, such tools were either very expensive, proprietary, or both.
However, with the advent of Wireshark, that has changed. Wireshark is
available for free, is open source, and is one of the best packet analyzers
available today.
Why packet capture?

Small scale
- Analysis of existing software
- Design and testing of new protocols
Large scale
- Traffic analysis and statistics
- Capacity planning
- Creation and implementation of traffic policy
Network attack and attack prevention
- Verify security policy
- Capture of credentials
Considerations for capturing packets:
- Minimize the effect of the capture on the network traffic.
- Your capture device can only capture traffic that reaches its network
interface.
- The normal host interface behavior is to filter out traffic that does not
match an interface address.
ntohs() :
The ntohs function takes a 16-bit number in TCP/IP network byte order (the
AF_INET or AF_INET6 address family) and returns a 16-bit number in host byte
order.
pcap_loop() :
pcap_loop processes packets from a live capture or ``savefile'' until cnt
packets are processed or, when reading from a ``savefile'', the end of the
``savefile'' is reached.
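The manual extraction the abstract and the implementation stages describe (read the saved capture.pcap, walk the packets, pull the downloaded file out of the FTP-data connection) can be done without libpcap by parsing the savefile format directly. The following is an added example, not code from the presentation; it assumes an Ethernet capture, IPv4, and an active-mode FTP data connection from server port 20, and it builds its own constructed three-packet capture so it runs offline:

```python
import struct
# Added example (not the presentation's code): parse a libpcap savefile and reassemble the
# FTP-data stream (server port 20) into the downloaded file. Assumes Ethernet (DLT 1) and IPv4.

def iter_pcap(data):
    """Yield raw frames from an in-memory pcap savefile (24-byte global header + records)."""
    magic = struct.unpack_from("<I", data, 0)[0]
    end = "<" if magic in (0xA1B2C3D4, 0xA1B23C4D) else ">"  # magic fixes header byte order
    if struct.unpack_from(end + "I", data, 20)[0] != 1:
        raise ValueError("example handles Ethernet captures only")
    off = 24
    while off + 16 <= len(data):
        caplen = struct.unpack_from(end + "IIII", data, off)[2]  # ts_sec, ts_usec, incl_len, orig_len
        yield data[off + 16:off + 16 + caplen]
        off += 16 + caplen
def tcp_segment(frame):
    """Return (sport, dport, seq, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return None  # "!" reads network byte order, as ntohs() does for ports
    ihl, proto, total_len = (frame[14] & 0x0F) * 4, frame[23], struct.unpack_from("!H", frame, 16)[0]
    if proto != 6:
        return None
    tcp = 14 + ihl
    sport, dport, seq = struct.unpack_from("!HHI", frame, tcp)
    data_off = (frame[tcp + 12] >> 4) * 4
    return sport, dport, seq, frame[tcp + data_off:14 + total_len]
def extract_ftp_data(pcap_bytes, server_port=20):
    """Reassemble the server->client data stream by TCP sequence number."""
    segments = {}
    for frame in iter_pcap(pcap_bytes):
        seg = tcp_segment(frame)
        if seg and seg[0] == server_port and seg[3]:
            segments.setdefault(seg[2], seg[3])  # first copy wins; retransmits ignored
    return b"".join(segments[s] for s in sorted(segments))
def _frame(sport, dport, seq, payload):
    """Constructed Ethernet/IPv4/TCP frame; checksums left zero since parsing ignores them."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes([10, 0, 0, 2]), bytes([10, 0, 0, 1])) + tcp
    return b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + ip
def sample_pcap():
    """Constructed capture: a 3-segment FTP download seen out of order, with one retransmit."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    chunks = [(1, b"Hello, "), (8, b"FTP "), (12, b"world!")]
    records = b""
    for seq, chunk in [chunks[0], chunks[2], chunks[1], chunks[2]]:
        f = _frame(20, 51234, seq, chunk)
        records += struct.pack("<IIII", 1700000000, 0, len(f), len(f)) + f
    return header + records
```

Reassembling by sequence number is what makes the result the actual file rather than the order packets happened to arrive; for a real capture.pcap, pass `open("capture.pcap", "rb").read()` to extract_ftp_data and write the returned bytes to disk for analysis.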
