Start searching for malware inside the pcap. Use the tools mentioned in Malware Analysis.
A note about PCAP vs PCAPNG: there are two versions of the PCAP file format; PCAPNG is newer and not supported by all tools. You may need to convert a file from PCAPNG to PCAP using Wireshark or another compatible tool, in order to work with it in some other tools.
- If the header of your pcap is broken you should try to fix it using: http://f00l.de/hacking/pcapfix.php
- Extract information and search for malware inside a pcap in PacketTotal
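Before feeding a capture to any of the tools below it helps to know which container format it is in. This added helper (not from the original page) reads the four-byte magic to tell classic PCAP from PCAPNG, converts PCAPNG with Wireshark's `editcap`, and flags an unrecognised header as a candidate for pcapfix; it assumes `od`, `tr` and `editcap` are installed.

```shell
#!/bin/sh
# Added example: identify a capture file's format from its first four bytes
# and, where needed, convert PCAPNG to classic PCAP with Wireshark's editcap.
# Assumptions: od and tr are available; editcap is on PATH for ensure_pcap.

# Print one token: pcap | pcap-nsec | pcapng | unknown
pcap_kind() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4) echo pcap ;;       # 0xa1b2c3d4, LE or BE, usec stamps
        4d3cb2a1|a1b23c4d) echo pcap-nsec ;;  # 0xa1b23c4d, nanosecond stamps
        0a0d0d0a)          echo pcapng ;;     # PCAPNG Section Header Block type
        *)                 echo unknown ;;    # truncated or damaged header
    esac
}

# Produce a classic pcap at $2 from $1: copy as-is, convert PCAPNG, or
# return 1 when the header is unrecognised (a job for pcapfix, not this script).
ensure_pcap() {
    in=$1; out=$2
    case "$(pcap_kind "$in")" in
        pcap|pcap-nsec) cp "$in" "$out" ;;
        pcapng)         editcap -F pcap "$in" "$out" ;;
        unknown)
            echo "$in: unrecognised magic; try pcapfix before going further" >&2
            return 1 ;;
    esac
}

# Usage: sh pcap_kind.sh capture1.pcapng capture2.pcap ...
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(pcap_kind "$f")"
done
```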
```bash
capinfos capture.pcap
```
Inside wireshark you can see different statistics that could be useful. Some interesting http filters: https://www.wireshark.org/docs/dfref/h/http.html
If you want to search for content inside the packets of the sessions, press Ctrl+F.
You can add new columns to the packet list header (No., Time, Source...) by right-clicking a column header and choosing Edit Column.
```bash
apt-get install suricata
apt-get install oinkmaster
# Fetch the Emerging Threats open ruleset with oinkmaster
echo "url = http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz" >> /etc/oinkmaster.conf
oinkmaster -C /etc/oinkmaster.conf -o /etc/suricata/rules
# Replay the pcap through Suricata, skipping checksum validation, logging to ./log
suricata -r packets.pcap -c /etc/suricata/suricata.yaml -k none -v -l log
```
If you are looking for something inside the pcap you can use ngrep. An example using the main filters:
```bash
ngrep -I packets.pcap "^GET" "port 80 and tcp and host 192.168 and dst host 192.168 and src host 192.168"
```
Xplico can analyze a pcap and extract information from it. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on.
```bash
# Add the Xplico repository for the current Ubuntu release (the redirect was missing)
sudo bash -c 'echo "deb http://repo.xplico.org/ $(lsb_release -s -c) main" >> /etc/apt/sources.list'
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 791C25CE
sudo apt-get update
sudo apt-get install xplico
/etc/init.d/apache2 restart
/etc/init.d/xplico start
```
Access 127.0.0.1:9876 with the credentials xplico:xplico.
Then create a new case, create a new session inside the case, and upload the pcap file.
Like Xplico, it is a tool to analyze and extract objects from pcaps. It has a free edition that you can download here.