The Spy Files: Extracting Word Documents from a Packet Capture

The Krypt

For anyone interested in network security and penetration testing, Wireshark is the tool to get: it reveals pretty much everything about a network, including the hosts and active services present, traffic volumes, payloads and sometimes login details as well. I was hoping to demonstrate some of that here, using a (publicly available) .pcap file I acquired from somewhere.

My personal method is to start by constructing a picture of the network, which is time consuming but sets the scene for whatever analysis follows. There are three IP addresses worth looking at:

* 192.168.0.100 – Appears to be a virtual machine running on VMware, and providing a large number of services, including IMAP, MySQL, POP3, HTTPS, domain services, Kerberos, Sun RPC and SMUX.
* 192.168.0.150 – Another VM making a load of requests through outgoing port 34988, so it had to be a proxy server.
* 224.0.0.22 – Multicast router.

In…


What is Packet Inspection?

IPv6 Secure Communications Project

Originally posted on the XeroCrypt Blog

Packet inspection is something we’ll read about a lot, especially with the Communications Data Bill going through at the moment. It is directly related to how surveillance, traffic management and sometimes censorship are actually carried out. The technology for intercepting Internet traffic and scanning its content is commercially available, but who is using it, and how is it being used? As it happens, Deep Packet Inspection (DPI) is deployed widely enough that there’s a good chance everything sent unencrypted is being read as it crosses the public Internet.

An Overview of Packet Inspection
First it’s important to recognise there’s a difference between packet inspection and Deep Packet Inspection (DPI).
Invented around the mid-1990s, packet inspection was originally for use in a stateful firewall/IDS setup, which is useful where applications might change the ports they’re communicating on, or where someone might attempt…
