I have recently had a lot of questions on how to effectively use the Meterpreter agent contained in the Metasploit framework. I am by no means a expert at it however I have a pretty good working knowledge of it use. I will try to give a little insight into its use. If you have a more advanced or specific question concerning Meterpreter please feel free to post in the question section and I or someone else will be more than happy to try to answer your question.
When using the network protocol analyzer Wireshark, if you’re specifically looking for the payload, look for the [PSH, ACK] tag in the “Info” column. Once you click on the row with that tag, you will see the “Data” node in the packet window as shown in the attached window.
The other tags ([ACK], [SYN], [FIN,ACK]) shown in the “Info” column are TCP control packets and do not include any data/payload. They are used for handshaking.