6. Use xplico instead; the xplico GUI does not work
usage: xplico [-v] [-c <config_file>] [-h] [-g] [-l] [-i <prot>] -m <capute_module>
-v version
-c config file
-h this help
-i info of protocol 'prot'
-g display graph-tree of protocols
-l print all log in the screen
-m capture type module
NOTE: parameters MUST respect this order!
./xplico -m pcap -f /root/Desktop/Evidence03.pcap
8. Note: sample size could be either 2, 3, 4, 5 bits for 16,24,32 and 40 kbits/s. The
default Kbit/s will be 32
Note: If there are 802.1Q headers in the RTP packet capture, please don't set the
filter expression
Example Usage:
videosnarf -i inputfile.pcap
videosnarf -i inputfile.pcap -f "udp dst port 25001"
Answer: rom127#
9. 4. DEFCON 2011 Network Forensics Puzzle: The Heist
Scrolling down to the 16th line inside the XLS file, you get the answer: Jason Wilson
5. DEFCON 2011 Network Forensics Puzzle: The Heist Part 2
http://forensicscontest.com/contest09/spoilers/2011-Defcon-Contest-Round5/defcon2011contest-round5.html
useonce@
Opening the file, you can find the password: 8.4 oz- Red Bull
Linux solution
tcpdump -s0 -r Evidence05.pcap -w SMB.cap port 445