Extracting Windows executables with Wireshark

This is an example of how to use Wireshark to extract a Windows executable file from an FTP transfer between two computers on the same network. In this walkthrough I’ll be using three VMs:
- A Linux VM to serve as the FTP server with a file on it. (Bottom right)
- A Windows XP VM to connect to the Linux server and download the file. (Top right)
- A Kali Linux VM to listen to the network while the file transfer happens. (Left)

[Image 01_vms: the three VMs side by side, Linux FTP server bottom right, Windows XP client top right, Kali listener on the left]

I’ll start by setting up Wireshark on my Kali VM to listen in promiscuous mode on the shared network interface, then click Start so that Wireshark begins capturing the traffic on the network.
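What Wireshark will later do for us with "Follow TCP Stream" and "Save As raw" is, in essence, reassembling the FTP data connection's TCP segments in sequence order and handing back the bytes. The following Python script is an added example, not part of the original post, that does that reassembly by hand on a constructed set of segments (out of order, with one retransmission) and then checks whether the reassembled bytes are a Windows executable by reading the MZ header and the PE signature at `e_lfanew`. The `Segment` class, the sequence numbers and the miniature PE image are all constructed for the example; it generalizes slightly beyond the post by handling overlapping and retransmitted segments, which a real capture frequently contains.

```python
import struct
from dataclasses import dataclass


@dataclass
class Segment:
    """One TCP segment of the FTP-data stream (constructed for this example)."""
    seq: int          # sequence number of the first payload byte
    payload: bytes


def reassemble_stream(segments, initial_seq):
    """Order segments by sequence number and drop bytes already delivered.

    This is the same job Wireshark's 'Follow TCP Stream' does: segments that
    arrive out of order are sorted, retransmissions are discarded, and a gap
    (a segment the capture never saw) is reported instead of silently joined.
    """
    buf = bytearray()
    expected = initial_seq
    for seg in sorted(segments, key=lambda s: s.seq):
        end = seg.seq + len(seg.payload)
        if end <= expected:
            continue                       # pure retransmission, already have it
        if seg.seq > expected:
            raise ValueError(f"gap in stream at seq {expected}")
        start = expected - seg.seq         # >0 for a partially overlapping segment
        buf += seg.payload[start:]
        expected = end
    return bytes(buf)


def pe_info(data):
    """Return e_lfanew if data begins a valid MZ/PE image, otherwise None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]   # offset of the PE header
    if e_lfanew + 4 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    return e_lfanew


def build_sample_image():
    """Constructed 128-byte stand-in for a PE file: MZ stub, e_lfanew=0x40, 'PE\\0\\0'."""
    hdr = bytearray(b"MZ" + b"\x00" * 0x3A)      # DOS header up to e_lfanew
    hdr += struct.pack("<I", 0x40)               # e_lfanew points just past the stub
    hdr += b"PE\0\0" + b"\x00" * 60              # PE signature plus padding
    return bytes(hdr)


def build_sample_segments(image, isn=1000, mss=20):
    """Split the image into segments, deliver them reversed, add a retransmission."""
    segs = [Segment(isn + off, image[off:off + mss])
            for off in range(0, len(image), mss)]
    segs.reverse()                                     # arrive out of order
    segs.append(Segment(segs[0].seq, segs[0].payload))  # duplicate of one segment
    return segs


def carve(segments, initial_seq, out_path):
    """Reassemble the stream and write it out only if it looks like a PE file."""
    data = reassemble_stream(segments, initial_seq)
    offset = pe_info(data)
    if offset is None:
        return None
    with open(out_path, "wb") as fh:
        fh.write(data)
    return offset


if __name__ == "__main__":
    image = build_sample_image()
    segs = build_sample_segments(image)
    print("PE header at", carve(segs, 1000, "carved_sample.bin"))
</test>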