I wrote a quick intro to tcpdump some months ago as I was learning about the tool and I thought it was just the best. You only love what you know, right?! Well, last week I embarked on a quest to find some flags on Cisco’s CTF 2021 using tshark. I mean, I originally tried to use tcpdump but since their file was saved as a pcapng it was not compatible without a little more work. Tony E has a how-to on TraceWrangler coming up on a Network Collective live-stream that can solve non-compatibility pcapng issues, and I digress.

The first thing people like to do when they encounter a new pcap is to get the lay of the land, so to speak. If they were in Wireshark, most likely they’d venture into the Statistics tab and check out ‘Capture File Properties’ and ‘Protocol Hierarchy.’ Can we get this sort of information from the command line? You bet your bottom dollar we can! The first tool we can use is called capinfos:

    $ capinfos ctf.pcap
    File timestamp precision: microseconds (6)