CTF Challenge Walkthrough: Network Traffic Analysis, 12 Challenges in one PCAP

Marcelle Lee
Oct 25, 2020

It has been a while since I have posted a walkthrough, and this network traffic analysis challenge came to mind because I was sharing it with a friend to use in a CTF for high school students. I will be using Wireshark for the walkthrough; NetworkMiner is another tool that works for this kind of challenge. The challenge file is june2020.pcapng and there are twelve questions.

Question 1. How many ping requests were sent in the june2020.pcapng capture?

Open the packet capture and apply the display filter “icmp.type == 8”. ICMP type 8 is an echo request, which is the packet that ping sends; the matching echo replies are type 0, so they are not counted. The status bar at the bottom of the Wireshark window shows six packets displayed. (This filter only covers IPv4; if a capture contains IPv6 pings, the equivalent filter is “icmpv6.type == 128”.)

Six ICMP request packets

Question 2. What is the IP address of the device associated with 08:00:27:4b:e3:60?

We are searching for a MAC address, a six-byte value written as colon-separated hexadecimal. Use the “find” function to search for the hex value 08:00:27:4b:e3:60: Find can be invoked with Edit > Find Packet, the magnifying glass in the toolbar, or Ctrl+F, and the search type should be set to “Hex value”. Either way, Wireshark walks through the packets that contain those bytes. The display filter “eth.addr == 08:00:27:4b:e3:60” reaches the same packets more precisely, since it matches only the Ethernet source and destination fields, whereas a raw byte search also hits those six bytes wherever they happen to appear in a payload.

Drilling down into one of the “find” results, frame number 9, we see that 08:00:27:4b:e3:60 is the source MAC…
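To make concrete what the two filters above actually test at the byte level, here is an added example (not part of the original post and not the challenge's own data) that builds a small classic-format pcap in memory and then answers both questions programmatically: counting frames whose ICMP type byte is 8, and collecting the IPv4 source addresses seen behind a given Ethernet source MAC. The MAC address 08:00:27:4b:e3:60 is taken from the question, but the IP addresses, the second host's MAC and the frame contents are constructed for the example and are not the answer to the challenge.

```python
import struct

ETH_P_IP = 0x0800
ETH_P_ARP = 0x0806
IPPROTO_ICMP = 1
ICMP_ECHO_REQUEST = 8   # what "icmp.type == 8" matches
ICMP_ECHO_REPLY = 0


def mac_bytes(mac: str) -> bytes:
    """'08:00:27:4b:e3:60' -> six raw bytes."""
    return bytes.fromhex(mac.replace(":", ""))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def icmp_frame(src_mac, dst_mac, src_ip, dst_ip, icmp_type, seq):
    """Ethernet II / IPv4 / ICMP frame. Checksums are left as zero: Wireshark does
    not validate them by default and they play no part in the filters shown."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, 0x1234, seq) + b"abcdefgh"
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), seq, 0x4000,
                         64, IPPROTO_ICMP, 0, ip_bytes(src_ip), ip_bytes(dst_ip))
    eth_hdr = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETH_P_IP)
    return eth_hdr + ip_hdr + icmp


def arp_frame(src_mac):
    """A broadcast ARP frame: same source MAC, but no IPv4 header to read ip.src from."""
    eth_hdr = mac_bytes("ff:ff:ff:ff:ff:ff") + mac_bytes(src_mac) + struct.pack("!H", ETH_P_ARP)
    return eth_hdr + b"\x00" * 28


def build_pcap(frames):
    """Classic libpcap file: 24-byte global header (link type 1 = Ethernet),
    then a 16-byte record header followed by the frame bytes for each packet."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1_600_000_000 + i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def iter_frames(pcap: bytes):
    """Yield each frame's bytes from a little-endian classic pcap (pcapng is not handled here)."""
    magic, = struct.unpack_from("<I", pcap, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("only little-endian classic pcap is parsed by this example")
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack_from("<IIII", pcap, off)
        off += 16
        yield pcap[off:off + incl_len]
        off += incl_len


def decode(frame: bytes):
    """Return (eth.src, ip.src, icmp.type) for an IPv4 frame; icmp.type is None
    when the frame is not ICMP. Returns None for non-IPv4 frames."""
    if len(frame) < 34:
        return None
    src_mac = ":".join(f"{b:02x}" for b in frame[6:12])
    ethertype, = struct.unpack_from("!H", frame, 12)
    if ethertype != ETH_P_IP:
        return None
    ihl = (frame[14] & 0x0F) * 4            # IPv4 header length in bytes
    proto = frame[23]
    src_ip = ".".join(str(b) for b in frame[26:30])
    icmp_type = None
    if proto == IPPROTO_ICMP and len(frame) > 14 + ihl:
        icmp_type = frame[14 + ihl]          # first byte of the ICMP header
    return src_mac, src_ip, icmp_type


def count_echo_requests(pcap: bytes) -> int:
    """Question 1: the programmatic equivalent of the display filter icmp.type == 8."""
    return sum(1 for f in iter_frames(pcap)
               if (d := decode(f)) and d[2] == ICMP_ECHO_REQUEST)


def ips_for_mac(pcap: bytes, mac: str) -> set:
    """Question 2: eth.src == <mac>, then read ip.src from every matching frame."""
    mac = mac.lower()
    return {d[1] for f in iter_frames(pcap) if (d := decode(f)) and d[0] == mac}


# Constructed sample capture. Only the first MAC comes from the challenge question;
# the IPs and the second MAC are made up for this example.
HOST_A_MAC, HOST_A_IP = "08:00:27:4b:e3:60", "10.0.0.5"
HOST_B_MAC, HOST_B_IP = "08:00:27:aa:bb:cc", "10.0.0.1"
SAMPLE_PCAP = build_pcap(
    [icmp_frame(HOST_A_MAC, HOST_B_MAC, HOST_A_IP, HOST_B_IP, ICMP_ECHO_REQUEST, s) for s in range(1, 7)]
    + [icmp_frame(HOST_B_MAC, HOST_A_MAC, HOST_B_IP, HOST_A_IP, ICMP_ECHO_REPLY, s) for s in range(1, 7)]
    + [arp_frame(HOST_A_MAC)]
)

if __name__ == "__main__":
    print("echo requests:", count_echo_requests(SAMPLE_PCAP))
    print("IPs behind", HOST_A_MAC, "->", ips_for_mac(SAMPLE_PCAP, HOST_A_MAC))
    with open("sample.pcap", "wb") as fh:   # open this in Wireshark to cross-check the filters
        fh.write(SAMPLE_PCAP)
```

Running the script writes sample.pcap; opening it in Wireshark and applying “icmp.type == 8” and “eth.addr == 08:00:27:4b:e3:60” gives the same six requests and the same host, which is a useful way to confirm that a hand-written filter means what you think it does. The ARP frame is included to show why reading ip.src from every “find” hit needs care: it carries the MAC but no IPv4 header, and the code above simply skips it.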


Marcelle Lee

Security researcher, educator and business owner in the field of cybersecurity. Advocate of diversity in tech. https://marcellelee.github.io