hello everyone! I am trying to extract files from a pcap. Reading the documentation I saw it is possible but when I execute zeek -r pcapfile --profile-scripts=“/home/kali/zeek/scripts/policy/frameworks/files/extract-all-files.zeek”
I have no files, instead it should find some .wav audio files. How can I get the files? I followed these guides without success
https://docs.zeek.org/en/master/logs/files.html
Uhm - this is not how to use --profile-scripts
. Scripts that you want to load can be simply placed one the command line:
zeek -r pcapfile frameworks/files/extract-all-files
However, if you’ve executed with --profile-scripts=...
you may have overwritten the contents of extract-all-files.zeek with profiling information. Please check the content of extract-all-files.zeek and if it’s not 8 lines long and just a file_new()
event handler, you’re probably best off re-installing Zeek.
Hope that helps,
Arne
1 Like
Thank you! I solved and yes I “corrupted” the script but instead of re-installing zeek I downloaded correct files from github in the same directory Now I have all my wav files