No.  Port       Service (IANA name)              Description
     (cut off)  Comsat / Biff                    (cells of the row preceding row 11; its port number is not on this page)
11   513        Login / Who                      Remote login. Maintains database of who is logged in
12   514        Shell
13   1099       RMIregistry
14   1524       Ingreslock
15   2049       Shilp / Nfs
16   2121       SCIENTIA-SSDB
17   3306       MYSQL
18   3632       DISTCC
19   5432       PostgreSQL Database
20   5900       RFB                              Remote FrameBuffer
21   6000       X11                              X Window system
22   6667       IRC                              Internet Relay Chat
23   6697       Unassigned                       Unofficially IRC SSL
24   8009       Unassigned                       SANS: Netware-rmgr
25   8180       Unassigned
26   8787       Msgsrvr                          Message Server
27   43607      Unassigned
28   52878      Dynamic and/or Private ports     Xsan filesystem access (Apple)
29   56166      Dynamic and/or Private ports
30   59563      Dynamic and/or Private ports
Having the protocol tab showing 802.11 for all 208428 frames suggests that the network card was likely used in monitor mode and has possibly captured raw, encrypted IEEE 802.11 traffic.

On that revelation it was clear I needed to decrypt the file. From previous knowledge, Aircrack-ng was the best bet to decrypt the capture.

Used Aircrack-ng to analyse the IVs and retrieve the possible key 28:E6:6,B:E9:D3:B6:20:95:DD:E9:2F:BE:3 with the command:

aircrack-ng deep.cap

Frame 7 used source port 49510 (an unassigned port number) for FTP traffic to port 21; also shown is USER: joe;

From the information around Frame 26 comes a hint about the password, signalling how close I am getting;

Frames 32 to 34 show that port numbers 49510 to 49512 are affiliated with an Adobe service;

Opened the decrypted file in NetworkMiner, and on the Files tab there was no file;

Meanwhile, the presumption that a file was still hidden prompted me to use the command:

sudo tcpxtract -f deep-dec.cap -o tcpxtract/

and a zip file was extracted which requested a password to unzip;

file capture, the base64 command line was used to decode the password from 7bit.