⚠️ Pracivo Security Lab — Download PCAP files and open them in Wireshark. Each file contains hidden credentials or sensitive data to find.
Wireshark Display Filter Cheatsheet
# ── Show only specific protocols ────────────────────────────
http # All HTTP traffic
ftp # All FTP traffic
telnet # All Telnet traffic
dns # All DNS queries
tcp # All TCP traffic
udp # All UDP traffic
ssh # All SSH traffic
# ── Filter by IP address ─────────────────────────────────────
ip.addr == 192.168.1.55 # Traffic to or from this IP
ip.src == 192.168.1.55 # Only traffic FROM this IP
ip.dst == 192.168.1.10 # Only traffic TO this IP
# ── Filter by port ───────────────────────────────────────────
tcp.port == 80 # HTTP
tcp.port == 21 # FTP
tcp.port == 22 # SSH
tcp.port == 23 # Telnet
tcp.port == 443 # HTTPS
tcp.port == 3389 # RDP
# ── Find credentials ─────────────────────────────────────────
http.request.method == "POST" # Login form submissions
http contains "password" # Any HTTP packet with password
ftp.request.command == "PASS" # FTP password command
tcp contains "PASS" # Telnet/FTP password in TCP stream
# ── Follow a stream ──────────────────────────────────────────
# Right click any packet → Follow → TCP Stream
# Shows the entire conversation reconstructed as text
# ── Export credentials ───────────────────────────────────────
# File → Export Objects → HTTP
# Extracts all files transferred over HTTP