HOMEWORK help needed

shooter27

Hi, 
So I've got a homework to do. They gave me a pcapng file (contains Wireshark packets).
The question is: Knowing that port 80 is usually used for the HTTP protocol, show that this protocol was used to send sensitive information regarding a file containing passwords from machine 192.168.1.119 to a distant server.

So I filtered my packets : tcp.port == 80 && ip.addr == 192.168.1.119 && http 
But now I still don't get how to show which packets contain that information.

I'm looking at the info column to try and figure out something but I don't get it...
Doing the homework on a Kali Linux VM if that helps.
Any help is appreciated.


Maybe open up the packets and look at the payload?


24 minutes ago, Lurick said:

Maybe open up the packets and look at the payload?

Well, I'm trying but I don't see anything different from the others that would suggest one packet is sending a password file...


As HTTP is a clear text protocol, the information you are looking for is in the HTTP payload.

If a cleartext file was transmitted in HTTP you should see the text contents of that file as its chunks are sent to the distant server. Wireshark should reassemble for you and you would see it.

As far as the how to find it or where in the flow it is.... Well... It's your homework, you wouldn't want to run afoul of academic codes of conduct and what not....
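Added example, not part of the original thread or written by any poster: a small Python parser showing why a cleartext HTTP upload is readable once the TCP stream is reassembled, and how requests mentioning password-like content can be flagged. The stream bytes, host, path, file name and keyword list are constructed for illustration, and the parser assumes bodies are delimited by Content-Length (no chunked encoding).

```python
import re

# Constructed sample: client-to-server bytes of one reassembled TCP stream on
# port 80 (the view "Follow TCP Stream" gives). Host, path and body are made up.
BODY = b"filename=passwords.txt\nalice:hunter2\n"
STREAM = (
    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    b"POST /upload.php HTTP/1.1\r\nHost: example.test\r\n"
    b"Content-Type: text/plain\r\n"
    b"Content-Length: " + str(len(BODY)).encode() + b"\r\n\r\n" + BODY
)

# Assumed keyword list for "sensitive" content; adjust to the case at hand.
KEYWORDS = re.compile(rb"passw|shadow|credential", re.I)

def parse_requests(stream):
    """Split a reassembled client->server byte stream into HTTP requests."""
    requests, pos = [], 0
    while pos < len(stream):
        end = stream.find(b"\r\n\r\n", pos)
        if end == -1:
            break  # incomplete header block: stop rather than guess
        head = stream[pos:end].decode("latin-1").split("\r\n")
        method, uri, _version = head[0].split(" ", 2)
        headers = {k.strip().lower(): v.strip()
                   for k, v in (h.split(":", 1) for h in head[1:] if ":" in h)}
        length = int(headers.get("content-length", 0))
        body = stream[end + 4:end + 4 + length]  # cleartext, no decryption needed
        requests.append({"method": method, "uri": uri,
                         "headers": headers, "body": body})
        pos = end + 4 + length
    return requests

def flag_sensitive(requests):
    """Return (index, method, uri) for requests whose URI or body matches."""
    return [(i, r["method"], r["uri"]) for i, r in enumerate(requests)
            if KEYWORDS.search(r["uri"].encode()) or KEYWORDS.search(r["body"])]

if __name__ == "__main__":
    for hit in flag_sensitive(parse_requests(STREAM)):
        print(hit)
```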
