EXTRACTING IMAGES FROM A PACKET CAPTURE A skill of importance as an incident responder or threat...

Transcribed Image Text:

EXTRACTING IMAGES FROM A PACKET CAPTURE A skill of importance as an incident responder or threat hunter is the ability to examine traffic and make sense of the contents of that traffic. One such component of analysis may be the images contained in traffic. This short exercise will demonstrate your ability to use the Wireshark packet analyzer tool to examine some previously captured traffic (pcap or .cap) and to then extract images contained in that traffic. 1. Launch the Wireshark application. 2. Download the packet capture file (http_with_jpegs.cap.gz) from your Moodle course. 3. From Wireshark, open the downloaded capture file. 4. Being told that the images to be inspected are ones found in web traffic, you can filter the traffic using the appropriate encapsulation filter. This will abbreviate the amount of traffic to analyze. 5. Find the transmission between 10.1.1.1 and 10.1.1.101 that contains 624 bytes on the wire and is identified as (JPEG JFIF image). Select the sequence number and then locate the JPEG File Interchange Format section in the details pane below. b. Export the packet bytes into a file named A.jpg 6. Find the transmission between 10.1.1.1 and 10.1.1.101 that is approximately 6.78 seconds into the capture and contains 824 bytes on the wire and is identified as (JPEG JFIF image). a. Select the sequence number and then locate the JPEG File Interchange Format section in the details pane below. b. Export the packet bytes into a file named B.jpg 7. Find the transmission between 10.1.1.1 and 10.1.1.101 that is approximately 11.1 seconds into the capture and contains 1445 bytes on the wire and is identified as (JPEG JFIF image). a. Select the sequence number and then locate the JPEG File Interchange Format section in the details pane below. b. Export the packet bytes into a file named C.jpg 8. Upload the three images that you have extracted as your submission for this assignment. SEC-160: Security Admin I Instructor: Debra McCusker EXTRACTING IMAGES FROM A PACKET CAPTURE A skill of importance as an incident responder or threat hunter is the ability to examine traffic and make sense of the contents of that traffic. One such component of analysis may be the images contained in traffic. This short exercise will demonstrate your ability to use the Wireshark packet analyzer tool to examine some previously captured traffic (pcap or .cap) and to then extract images contained in that traffic. 1. Launch the Wireshark application. 2. Download the packet capture file (http_with_jpegs.cap.gz) from your Moodle course. 3. From Wireshark, open the downloaded capture file. 4. Being told that the images to be inspected are ones found in web traffic, you can filter the traffic using the appropriate encapsulation filter. This will abbreviate the amount of traffic to analyze. 5. Find the transmission between 10.1.1.1 and 10.1.1.101 that contains 624 bytes on the wire and is identified as (JPEG JFIF image). Select the sequence number and then locate the JPEG File Interchange Format section in the details pane below. b. Export the packet bytes into a file named A.jpg 6. Find the transmission between 10.1.1.1 and 10.1.1.101 that is approximately 6.78 seconds into the capture and contains 824 bytes on the wire and is identified as (JPEG JFIF image). a. Select the sequence number and then locate the JPEG File Interchange Format section in the details pane below. b. Export the packet bytes into a file named B.jpg 7. Find the transmission between 10.1.1.1 and 10.1.1.101 that is approximately 11.1 seconds into the capture and contains 1445 bytes on the wire and is identified as (JPEG JFIF image). a. Select the sequence number and then locate the JPEG File Interchange Format section in the details pane below. b. Export the packet bytes into a file named C.jpg 8. Upload the three images that you have extracted as your submission for this assignment. SEC-160: Security Admin I Instructor: Debra McCusker