Jump to content

Recommended Posts

Hey guys, I have a packet squirrel setup in Cloud2 and I can successfully start a terminal session.

In a terminal session I would like to run a packet capture. If I run the command tcpdump -nni eth1 -f /mnt/loot/tcpdump/test2.pcap I am able to capture some packets.

I can Exfil the packet capture with the command: C2EXFIL /mnt/loot/tcpdump/test2.pcap and the file shows up in the C2 dashboard.

However, when I download the pcap, Wireshark cannot open it. I get an error message: "The file test2.pcap isn't a capture file in a format that Wireshark understands"

Screenshot: https://imgur.com/a/t9MJtoZ

I can open the pcap file with Wireshark from the USB stick, if I remove it from the Packet Squirrel and plug it into my PC.

Could the C2EXFIL command be modifying the .pcap file when it moves it? I've used the C2EXFIL command to move other files like .txt and .nmap and have not had any issues.

Has anyone else experienced this or figured out a way to move pcap's using C2EXFIL?

Link to post
Share on other sites
  • 9 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...