Laura Chappell

Wireshark Challenge 01 Answers

Did you get a chance to try out last week's Wireshark Challenge based on the chappell-WChallenge012024.pcapng? Too easy?


If you didn't, go back and grab the trace file and try it out before looking at the answers below. There's often more than one way to get an answer; below, I have offered one option for each question.


1. What tool was used for the capture process?

Dumpcap (Wireshark) 4.2.5 (v4.2.5-0-g4aa814ac25a1) - Click the button next to the Expert Info icon on the Status Bar; that launches the Capture File Properties window (or select Statistics > Capture File Properties).



2. What is Fred's machine's IPv4 address?

10.0.0.157 - Find a DNS request, TCP SYN, or HTTP/2 GET request sent by Fred's machine and look at the source IP address.


3. What is Fred's machine's Ethernet address?

d8:bb:c1:56:61:63 - Since the instructions said the trace file was taken on Fred's machine, we simply need to look at the source Ethernet address on packets sent from Fred's machine - any of the packets used for #2 will do.


4. What is/are the IP address(es) of the DNS server(s)?

75.75.75.75 and 75.75.75.76 - A simple dns display filter will reveal the answer here. If we want to view only DNS responses (where the server is the source), we can filter on dns.flags.response == True.


5. What operating system is running on Fred's machine?

Windows - HTTP/2 GET requests contain a user-agent header field that identifies the browser and operating system of the source (it is self-reported by the client, so treat it as an indication rather than proof).


6. Is Fred likely located on the East or West coast of the US?

West coast - we might make that assumption given the answer to #9, but we can actually locate an indication inside a TLS Client Hello, where the Server Name (SNI) field offers interesting insights into the communications.


7. What browser is Fred using?

Firefox - This is visible in the user-agent field - see #5.


8. In what sport is Fred interested?

Ice Hockey - the DNS traffic gives this away. Use that dns filter again, just like in #4: there are a lot of references to the NHL (National Hockey League).


9. In what team is Fred interested?

San Jose Sharks (sad... what a terrible year they had) - again, the DNS traffic gives this away.


10. What TLS version(s) does Fred's machine support?

TLS 1.2 and TLS 1.3 - inside the TLS Client Hello packets, we must look for and expand the "supported_versions" extension section.
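Questions #6 and #10 both rely on extensions inside the TLS Client Hello, and they are easy to misread: the Client Hello's version field says TLS 1.2 even when the client offers TLS 1.3, so only the supported_versions extension answers #10. The following parser is an added example, not code from the challenge or from Wireshark; it builds a constructed Client Hello (the server name and version list are made up, not taken from the trace) and pulls out the SNI and supported_versions fields the answers above point at.

```python
import struct

TLS_NAMES = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
             0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def build_client_hello(sni: bytes, versions: list[int]) -> bytes:
    """Constructed minimal TLS record carrying a ClientHello with two extensions."""
    # server_name (type 0): list length, name_type 0 (host_name), name length, name
    sni_ext = struct.pack("!HBH", len(sni) + 3, 0, len(sni)) + sni
    # supported_versions (type 43): one-byte list length, then 2-byte versions
    sv = b"".join(struct.pack("!H", v) for v in versions)
    sv_ext = struct.pack("!B", len(sv)) + sv
    exts = (struct.pack("!HH", 0, len(sni_ext)) + sni_ext
            + struct.pack("!HH", 43, len(sv_ext)) + sv_ext)
    body = (b"\x03\x03" + b"\x00" * 32            # legacy_version (always 1.2), random
            + b"\x00"                              # empty session_id
            + struct.pack("!H", 2) + b"\x13\x01"   # one cipher suite
            + b"\x01\x00"                          # null compression only
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body    # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs  # record type 22 = handshake

def parse_client_hello(rec: bytes) -> dict:
    """Return the SNI host name and the advertised TLS versions from a ClientHello."""
    if rec[0] != 0x16 or rec[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    pos = 5 + 4 + 2 + 32                       # record hdr, handshake hdr, version, random
    pos += 1 + rec[pos]                        # skip session_id
    pos += 2 + struct.unpack_from("!H", rec, pos)[0]   # skip cipher_suites
    pos += 1 + rec[pos]                        # skip compression_methods
    ext_len = struct.unpack_from("!H", rec, pos)[0]
    pos += 2
    end = pos + ext_len
    out = {"sni": None, "supported_versions": []}
    while pos + 4 <= end:
        etype, elen = struct.unpack_from("!HH", rec, pos)
        pos += 4
        data = rec[pos:pos + elen]
        pos += elen
        if etype == 0:                         # server_name: the field used for #6
            name_len = struct.unpack_from("!H", data, 3)[0]
            out["sni"] = data[5:5 + name_len].decode("ascii")
        elif etype == 43:                      # supported_versions: the field used for #10
            out["supported_versions"] = [TLS_NAMES.get(v, hex(v)) for (v,) in
                                         struct.iter_unpack("!H", data[1:1 + data[0]])]
    return out

if __name__ == "__main__":
    print(parse_client_hello(build_client_hello(b"example.net", [0x0304, 0x0303])))
```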

How did you do? Did you add and sort any columns? Did you apply other display filters?

This is great practice!


Cheers!
