In this section, we are going to discuss packet analysis using tools in Kali NetHunter. We will be using various sample files taken from https://wiki.wireshark.org/SampleCaptures and https://www.honeynet.org/challenges as these samples are made for educational uses and contain a lot of data that is usually found on production networks.
We used Dsniff earlier to capture packets, but now we are going to use it to help us reassemble and view the plaintext transactions that took place in an offline PCAP file. For this exercise, we are going to use the telnet.cooked.pcap file from https://wiki.wireshark.org/SampleCaptures#Telnet.
Use the dsniff -p <filename> command to process the contents of an offline, previously saved capture file. As we can see in the following screenshot, there is a communication that took place between two devices:
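What such an offline pass involves, as an added Python example (not from the original text and not dsniff's own code): it reads a classic pcap, puts the client-to-server Telnet segments in sequence order, and strips option negotiation so only the typed text remains, which is why Telnet logins are readable in any capture. The capture is constructed inline; the function names, ports and credentials are made up for illustration, and only Ethernet/IPv4 with a single flow is handled.

```python
import struct

def tcp_segments(pcap: bytes):
    """Yield (src_port, dst_port, seq, payload) per IPv4/TCP frame in a classic pcap."""
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled here")
    off = 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4 carrying TCP
        ihl = (frame[14] & 0x0F) * 4
        tcp = frame[14 + ihl:14 + struct.unpack("!H", frame[16:18])[0]]
        yield (*struct.unpack("!HHI", tcp[:8]), tcp[(tcp[12] >> 4) * 4:])

def strip_iac(data: bytes) -> bytes:  # drop Telnet IAC negotiation, keep user data
    out, i = bytearray(), 0
    while i < len(data):
        cmd = data[i + 1] if data[i] == 0xFF and i + 1 < len(data) else None
        if data[i] != 0xFF or cmd == 0xFF:       # plain byte, or escaped literal 0xFF
            out.append(data[i])
            i += 2 if cmd == 0xFF else 1
        elif cmd == 0xFA:                        # subnegotiation runs to IAC SE
            end = data.find(b"\xff\xf0", i + 2)
            i = len(data) if end < 0 else end + 2
        else:                                    # WILL/WONT/DO/DONT carry an option byte
            i += 3 if cmd in (0xFB, 0xFC, 0xFD, 0xFE) else 2
    return bytes(out)

def client_text(pcap: bytes, port: int = 23) -> str:
    """Reassemble what the client sent to `port`, ordered by TCP sequence number."""
    segs = {seq: data for _, dport, seq, data in tcp_segments(pcap) if dport == port and data}
    stream = b"".join(segs[s] for s in sorted(segs))  # keying on seq drops retransmissions
    return strip_iac(stream).decode("ascii", "replace")

def sample_pcap() -> bytes:  # constructed capture, not real traffic
    def frame(sport, dport, seq, data):
        tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 0x50, 0x18, 8192, 0, 0) + data
        ip = struct.pack("!BBHHHBBH8x", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0)
        return b"\x00" * 12 + b"\x08\x00" + ip + tcp
    frames = [frame(23, 40000, 500, b"login: "),           # server side, ignored
              frame(40000, 23, 100, b"\xff\xfb\x18\xff\xfa\x18\x00vt100\xff\xf0"),
              frame(40000, 23, 127, b"EXAMPLE-PASS\r\n"),  # captured out of order
              frame(40000, 23, 114, b"exampleuser\r\n"),
              frame(40000, 23, 114, b"exampleuser\r\n")]   # retransmission
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
```

Calling client_text(sample_pcap()) returns the username and password lines in the order they were typed, despite the reordered and duplicated segments in the capture.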
The following is the information we are able to interpret: