Searching PCAP file for specific plaintext information

I am working on a lab for a class and we are being tasked with finding data in a pre-generated PCAP file using Wireshark. The data is communication between Amazon Alexa and WEMO plugs. In one particular PCAP the command given is: Alexa volume 8. How would you search an entire PCAP file for this data? Below is a description from the instructions.

In this case, there are two Belkin Wemo power outlet controllers to turn connected devices on or off. Additional commands are captured for queries made to the Alexa application. You will look at the data packets exchanged between the Amazon Echo Dot and the WeMo devices, and the Amazon Internet web services to answer queries. The goal will be to determine if any visible plaintext information is exchanged as information or commands, and if such data packets might be hijacked, exploited, replayed, or be subject to man-in-the-middle attacks.
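
One way to run the search asked about above outside the Wireshark GUI, as an added example that is not part of the original post: a Python sketch that walks a classic libpcap file and reports every frame whose raw bytes contain a given string, case-insensitively. The function names and the two-packet sample capture are constructed for illustration; pcapng files are assumed to be out of scope.

```python
import struct

# Classic libpcap magic numbers (microsecond and nanosecond variants) -> byte order
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
               b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}

def iter_packets(data):
    """Yield (frame_number, packet_bytes) from a classic libpcap capture."""
    if len(data) < 24 or data[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    endian = PCAP_MAGICS[data[:4]]
    offset, number = 24, 0  # records start after the 24-byte global header
    while offset + 16 <= len(data):
        _sec, _frac, incl_len, _orig = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        if offset + incl_len > len(data):
            break  # truncated final record
        number += 1  # 1-based, matching Wireshark's frame numbers
        yield number, data[offset:offset + incl_len]
        offset += incl_len

def find_plaintext(data, needle, context=16):
    """Return [(frame_number, byte_offset, snippet)] for case-insensitive hits."""
    needle = needle.lower().encode()
    hits = []
    for number, pkt in iter_packets(data):
        lowered = pkt.lower()  # bytes.lower() folds ASCII letters only
        pos = lowered.find(needle)
        while pos != -1:
            snippet = pkt[max(0, pos - context):pos + len(needle) + context]
            hits.append((number, pos, snippet.decode("latin-1")))
            pos = lowered.find(needle, pos + 1)
    return hits

def build_sample_pcap():
    """Constructed two-packet capture: filler bytes, not real Echo/WeMo traffic."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    packets = [b"\x00" * 42 + b"GET /status HTTP/1.1\r\n",
               b"\x00" * 42 + b'{"utterance": "Alexa Volume 8"}']
    body = b"".join(struct.pack("<IIII", i, 0, len(p), len(p)) + p
                    for i, p in enumerate(packets))
    return header + body

if __name__ == "__main__":
    for frame, off, text in find_plaintext(build_sample_pcap(), "volume 8"):
        print(f"frame {frame} offset {off}: {text!r}")
```

The match is per frame, so a string split across two TCP segments is missed; Wireshark's `frame contains "volume"` display filter does the same per-frame match (case-sensitively) in the GUI.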