CCNA CyberOps SECOPS – Objective 2.5

Extract files from a TCP stream when given a PCAP file and Wireshark

Implementing Cisco Cybersecurity Operations (210-255)

For this example, I made a sample pcapng file using Wireshark. I did a wget of a graphics file from my website.

[Figure: Wireshark Capture]

1. Go to File > Export Objects > HTTP (works the same with the other protocols listed).

[Figure: Export File Menu]

2. Choose the file you want to save and click Save.

For this example, only one file object existed in the captured traffic. Also, keep in mind that this will not work with SSL/TLS-encrypted traffic unless several things are in place to let Wireshark decrypt it. When dealing with potentially malicious traffic, it is also important to note that the saved files will not be defanged: they are written to disk exactly as they were transferred.
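What Export Objects does with a cleartext HTTP stream can be reproduced by hand. The following is an added example, not part of the original post: it reorders TCP segments by sequence number, cuts the response body out using Content-Length, and stores it under its SHA-256 with a neutral extension and read-only permissions. The function names, the `(seq, payload)` input format and the sample bytes are assumptions made for illustration; chunked encoding and sequence-number wraparound are not handled.

```python
import hashlib
import os

def reassemble(segments):
    """Rebuild one direction of a TCP stream from (seq, payload) pairs."""
    stream, next_seq = b"", None
    for seq, payload in sorted(segments, key=lambda s: s[0]):
        if next_seq is None:
            next_seq = seq
        if seq + len(payload) <= next_seq:
            continue                        # retransmission, bytes already held
        if seq > next_seq:
            raise ValueError(f"missing {seq - next_seq} bytes at seq {next_seq}")
        stream += payload[next_seq - seq:]  # keep only the new part of an overlap
        next_seq = seq + len(payload)
    return stream

def extract_http_body(stream):
    """Return (headers, body) of the first HTTP response in the stream."""
    head, sep, rest = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no complete HTTP header block")
    headers = {}
    for line in head.split(b"\r\n")[1:]:    # skip the status line
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    length = int(headers["content-length"])
    if len(rest) < length:
        raise ValueError("capture ends before the object is complete")
    return headers, rest[:length]

def save_quarantined(body, outdir):
    """Write the object named by its SHA-256, neutral extension, read-only."""
    digest = hashlib.sha256(body).hexdigest()
    path = os.path.join(outdir, digest + ".extracted")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o400)
    with os.fdopen(fd, "wb") as fh:
        fh.write(body)
    return path, digest

# Constructed sample: a server-to-client stream carrying a small fake PNG,
# delivered out of order with one retransmitted segment.
BODY = b"\x89PNG\r\n\x1a\n" + bytes(range(32))
RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n"
            b"Content-Length: " + str(len(BODY)).encode() + b"\r\n\r\n" + BODY)
SEGMENTS = [(1040, RESPONSE[40:]), (1000, RESPONSE[:40]), (1000, RESPONSE[:40])]

if __name__ == "__main__":
    _, body = extract_http_body(reassemble(SEGMENTS))
    print(len(body), hashlib.sha256(body).hexdigest())
```

Recording the hash at extraction time lets the object be looked up or shared by digest without opening the file itself.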