Extracting Windows executables with Wireshark

This is an example of how to use Wireshark to extract a Windows executable file from an FTP transfer between two computers on the same network. FTP sends both the login credentials and the file contents in cleartext, which is what makes the file recoverable from a packet capture. In this walkthrough I’ll be using three VMs:
- A Linux VM to serve as the FTP server, with a file on it (bottom right).
- A Windows XP VM to connect to the Linux server and download the file (top right).
- A Kali Linux VM to listen to the network while the file transfer happens (left).

[Screenshot 01_vms: the three VMs]

I’ll start by opening Wireshark on the Kali VM, enabling promiscuous mode on the capture interface, and clicking Start so Wireshark begins capturing traffic on the network. Promiscuous mode only helps if the frames actually reach the Kali VM’s interface: on a switched network that means a mirror (SPAN) port, and inside a hypervisor the virtual switch has to be willing to forward other guests’ frames to the sniffer (in VirtualBox, for example, the adapter’s Promiscuous Mode setting defaults to Deny and has to be changed to Allow VMs or Allow All). If the capture shows only broadcast traffic and the Kali VM’s own packets, that is the setting to check first.
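The rest of this walkthrough does in Wireshark what the following script does by hand: find the FTP data connection and reassemble the bytes that crossed it. This is an added example, not code from the original post; it builds a small constructed capture in memory (the addresses 192.168.56.101/102, the port numbers, the file name and the PE-like payload are all made up) so it runs offline, then parses the pcap, reads the server's passive-mode 227 reply to learn the data port, follows that TCP stream by sequence number, and checks that what came out has a DOS/PE header. It assumes passive-mode FTP; in active mode the server instead connects from port 20 to the port the client announced in its PORT command.

```python
"""Reconstruct a file transferred over passive-mode FTP from a pcap (added example)."""
import re
import struct

SERVER = bytes([192, 168, 56, 101])   # assumed address of the Linux FTP server
CLIENT = bytes([192, 168, 56, 102])   # assumed address of the Windows XP client
ETH_HDR = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
PASV_RE = re.compile(rb"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def tcp_packet(src, dst, sport, dport, seq, data):
    """Ethernet + IPv4 + TCP frame (PSH|ACK). Checksums left zero: fine for offline parsing."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(data), 0, 0, 64, 6, 0, src, dst)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    return ETH_HDR + ip + tcp + data


def build_pcap(frames):
    """Classic little-endian pcap, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out


def iter_tcp(pcap):
    """Yield (src, dst, sport, dport, seq, payload) for every TCP segment in a classic pcap."""
    off = 24
    while off + 16 <= len(pcap):
        _, _, caplen, _ = struct.unpack("<IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if frame[12:14] != b"\x08\x00":          # not IPv4
            continue
        ip = frame[14:]
        if ip[9] != 6:                            # not TCP
            continue
        ihl = (ip[0] & 0x0F) * 4
        total = struct.unpack("!H", ip[2:4])[0]
        tcp = ip[ihl:total]
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        doff = (tcp[12] >> 4) * 4
        yield ip[12:16], ip[16:20], sport, dport, seq, tcp[doff:]


def follow_stream(pcap, src, sport):
    """Reassemble the src:sport -> * direction of a stream by sequence number, the way
    Wireshark's Follow TCP Stream does. Handles out-of-order and retransmitted segments;
    32-bit sequence wraparound is ignored for brevity."""
    segs = {}
    for s, _, sp, _, seq, data in iter_tcp(pcap):
        if (s, sp) == (src, sport) and data:
            segs[seq] = data                      # a retransmission simply overwrites
    out, expected = bytearray(), None
    for seq in sorted(segs):
        data = segs[seq]
        if expected is not None and seq < expected:   # overlapping retransmission
            data = data[expected - seq:]
        out += data
        expected = max(expected or 0, seq + len(segs[seq]))
    return bytes(out)


def passive_data_port(control_text):
    """Parse the server's 227 reply to learn the data-connection port (p1 * 256 + p2)."""
    m = PASV_RE.search(control_text)
    if not m:
        raise ValueError("no PASV reply in control stream")
    return int(m.group(5)) * 256 + int(m.group(6))


def is_pe_image(data):
    """Sanity check on the extracted bytes: 'MZ' header and 'PE\\0\\0' at e_lfanew (offset 0x3c)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def extract_ftp_file(pcap, server):
    """Use the control channel (server port 21) to find the data port, then reassemble the file."""
    control = follow_stream(pcap, server, 21)
    return follow_stream(pcap, server, passive_data_port(control))


def constructed_capture():
    """Constructed capture: PASV reply, RETR, then the file in out-of-order segments plus a
    retransmission. The payload is a hypothetical PE-like blob, not a real executable."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    hdr[0x3C:0x40] = struct.pack("<I", 0x40)
    file_bytes = bytes(hdr) + b"PE\x00\x00" + bytes(range(256)) * 8
    chunks = [file_bytes[i:i + 700] for i in range(0, len(file_bytes), 700)]
    data_port = 195 * 256 + 80
    frames = [
        tcp_packet(SERVER, CLIENT, 21, 1037, 1000,
                   b"227 Entering Passive Mode (192,168,56,101,195,80)\r\n"),
        tcp_packet(CLIENT, SERVER, 1037, 21, 2000, b"RETR sample.exe\r\n"),
    ]
    seq, segs = 5000, []
    for chunk in chunks:
        segs.append(tcp_packet(SERVER, CLIENT, data_port, 1038, seq, chunk))
        seq += len(chunk)
    segs[1], segs[2] = segs[2], segs[1]   # deliver out of order
    segs.append(segs[0])                   # and retransmit the first segment
    return build_pcap(frames + segs), file_bytes


if __name__ == "__main__":
    pcap, original = constructed_capture()
    recovered = extract_ftp_file(pcap, SERVER)
    print(len(recovered), "bytes recovered, intact:", recovered == original,
          "looks like PE:", is_pe_image(recovered))
```

To run it against a real capture instead of the constructed one, read the pcap file into `pcap` and keep the server address; the script only follows the server-to-client direction, which is the only one that carries file bytes on a download. The `is_pe_image` check is deliberately weak (it is the same test Wireshark's hex view lets you eyeball: `MZ` at offset 0 and `PE` where `e_lfanew` points); treat anything it accepts as untrusted input and hash it or feed it to a sandbox rather than running it.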

The opinions and thoughts on this blog are those of Overflow Security members, and do not reflect those of our members’ employers.