Searching PCAP file for specific plaintext information

asked 2018-09-10 20:55:54 +0000

NightZero88

I am working on a lab for a class and we are being tasked with finding data in a pre-generated PCAP file using Wireshark. The data is communication between Amazon Alexa and WEMO plugs. In one particular PCAP the command given is: Alexa volume 8. How would you search an entire PCAP file for this data? Below is a description from the instructions.

In this case, there are two Belkin Wemo power outlet controllers to turn connected devices on or off. Additional commands are captured for queries made to the Alexa application. You will look at the data packets exchanged between the Amazon Echo Dot and the WeMo devices, and the Amazon Internet web services to answer queries. The goal will be to determine if any visible plaintext information is exchanged as information or commands, and if such data packets might be hijacked, exploited, replayed, or be subject to man-in-the-middle attacks.

1 Answer

answered 2018-09-11 05:52:36 +0000

mrEEde

You could use a Display Filter to filter packets that contain an ASCII string

frame contains "mazon"

to get you started

Regards
Matthias

I did try searching using frame contains but didn't find anything related to Alexa. It is possible that the data doesn't exist in the PCAP but considering the instructions I assumed it must be. Thank you for the help, I'll carry on assuming it is not in here.

NightZero88 ( 2018-09-11 17:54:08 +0000 )
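
An added example, not part of the original thread: a small Python scanner that does the same raw byte-string match as `frame contains` over a classic pcap file, with an optional case-insensitive mode, since `frame contains` is case-sensitive and a search for "Alexa" will not match "alexa". The sample capture, its frame contents and the function names are constructed for illustration; pcapng files are not handled.

```python
import struct

def build_pcap(frames):
    """Build a classic little-endian pcap (linktype 1) from raw frame bytes."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, data in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(data), len(data)) + data
    return out

def iter_frames(pcap):
    """Yield (frame_number, raw_bytes) for each record, numbered from 1."""
    magic = pcap[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        endian = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        endian = ">"
    else:
        raise ValueError("not a classic pcap (pcapng is not handled here)")
    offset, number = 24, 1  # skip the 24-byte global header
    while offset + 16 <= len(pcap):
        incl_len = struct.unpack_from(endian + "IIII", pcap, offset)[2]
        offset += 16
        if offset + incl_len > len(pcap):
            break  # truncated final record
        yield number, pcap[offset:offset + incl_len]
        offset += incl_len
        number += 1

def find_text(pcap, needle, ignore_case=False):
    """Return frame numbers whose raw bytes contain the ASCII string."""
    key = needle.encode("ascii")
    hits = []
    for number, data in iter_frames(pcap):
        if ignore_case:
            key, data = key.lower(), data.lower()
        if key in data:
            hits.append(number)
    return hits

# Constructed sample frames (14 zero bytes stand in for an Ethernet header).
ETH = b"\x00" * 14
SAMPLE = build_pcap([
    ETH + b"POST /control HTTP/1.1\r\nX-Vendor: Amazon\r\n\r\n",
    ETH + b"alexa volume 8",
    ETH + bytes(range(200, 232)),  # opaque bytes, as an encrypted payload would be
])

if __name__ == "__main__":
    print(find_text(SAMPLE, "Alexa"))
    print(find_text(SAMPLE, "Alexa", ignore_case=True))
```

A string that travels inside an encrypted or compressed payload will not match either mode, because the scanner only sees the bytes on the wire.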


Asked: 2018-09-10 20:55:54 +0000

Seen: 1,521 times

Last updated: Sep 11 '18