Packet Squirrel II not saving PCAP files

[moondog]

Hey guys,

Long time lurker first time posting...

I recently purchased the new version of the packet squirrel because I wanted to play around with the built in TCP Dump payload. However, I'm having some issues with it and was hoping maybe someone could point in the right direction.

The directions I followed for setup was the ones provided by the Hak5 website here: https://docs.hak5.org/packet-squirrel/default-payloads/logging-network-traffic

I've gone thorough the setup process by connecting to the web interface. I have a USB formatted as NTFS and have also tried EXT4. The current one I'm using is a 32GB PNY flash drive but I have tried others. After booting up the squirrel it blinks green for a while, pauses, blinks teal once, and then goes solid green. The instructions above indicate that it should blink yellow to indicate that the PCAP file is being writing to the loot folder on the USB. I press the button on the side to stop the tcpdump and to write the files but after removing the flash drive and reviewing it on my PC the USB appears to be empty. No loot folder or anything!

Not sure what I'm doing wrong (I'm sure its something stupid I'm doing) but if anyone has any suggestions that would be amazing.

Thanks!

[dark_pyrro]

From where are you sourcing your payload? Just checking since you're linking to the documentation of the Mark I version of the Squirrel.

What switch directory did you put the payload in? And, you are 100% certain that the hardware switch is in the corresponding position, i.e. the same as the switch directory?

[moondog]

Sorry for the delayed answer! Got really busy during the holidays.

Thanks for the reply but I'm embarrassed to admit that I thought the the TCPDump came preloaded on the device itself. Once I copied over the script from the Github repo all is working properly now.

 

Thanks again!