Secuneus Labs – TryHackMe Walk-through : Wireshark : Network Packet Forensics CTF
Secuneus Room : TryHackMe
Join Room : https://tryhackme.com/jr/secuneusctf
Walkthrough : Wireshark
1. Find the total number of packets originating from the suspicious IP address: 192.168.1.82
Ans:- Go to the “Statistics” menu at the top of the Wireshark window. Select “Summary.” In the “Summary” window, you can find various statistics about the captured packets, including the total number of packets, the number of packets matching your filter, and more.
The answer is 26.
4. Find the source IP address of the person who tries to access facebook.com during office hours. It’s Bad..!
Ans:- tls.handshake.extensions_server_name == "facebook.com"
5. Someone tries a DoS attack using PING from a different machine on target 192.168.1.83. Find the total number of PING packets.
Ans:- icmp and (ip.dst == 192.168.1.83)
6. Our VAPT team members are asking about the version of the Internet Group Management Protocol. Find the version of the Internet Group Management Protocol.
Ans:- igmpv2
7. We need the MAC address of a device. Can you help us find the MAC address of the device associated with 192.168.1.82?
Ans:- Find ARP packets using the filter arp
80:2b:f9:8e:63:21
8. Check the packet capture file and provide the IP address that accessed the WikiLeaks website.
Ans:- tls.handshake.extensions_server_name == "wikileaks.org"