On the debut of my new show The Core on Tuesday, I got to share a few, but not all, of the Wireshark exercises I had planned. In honor of Cybersecurity Awareness Month, I thought it appropriate to frame the activity in a capture the flag (CTF) format, as is often offered at security conferences and, increasingly, through online learning platforms. All the exercises, my approach to solving them, and the answers are below. I worked from two packet captures from my local test BIG-IP system.

Task 1.A - How many ARP requests for 10.0.3.100?

My approach to most tasks is to start with a wide net and work toward the narrow. So for this first one, I apply a generic arp filter. I could count from there, as you can see that there is at least one matching in packet 477, but instead, I can narrow the filter to the ARP destination of the IP asked for. And with that, I have a final answer for this task of 5.

Task 1.B - How many ping requests?

For this task, following directions is necessary, as the request is for ping requests, not all pings. There could be even more ICMP traffic at any given time, but this capture only has the request/response types. Our task is request only, which has an ICMP type of 8.

Final answer: 7

Task 1.C - How many multicast DNS queries for an "Elgato Key Light Air"?

Wrapping up the first task, this one can be accomplished in one of two ways: with a generic mdns protocol filter, or with that filter plus the contains operator for that string. Both results are the same, and the final answer here is 13.

Task 2 - What's the MAC address for the IP host 10.0.4.20?

This one is pretty straightforward as well. I just need to find the IP address with the ip.addr filter and match the IP as source or destination to the MAC address, but this can be refined to ip.dst or ip.src so I only need to consider one. I use ip.dst in this case.

Final answer: the MAC address is 00:0c:29:b4:5c:90.

Task 3 - What are the resolved names for the 00:0c:29:21:ad:4d and ff:ff:ff:ff:ff:ff MAC addresses?

If you look at the images above in Task 1.A, you'll notice that the MAC addresses in the Source/Destination columns are raw.
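As an added illustration (not part of the original post or its captures), the Python below applies the same tests as the filters used in Tasks 1.A, 1.B and 2 directly to raw Ethernet frames. The frames, MAC addresses and peer IPs are constructed, and the display-filter strings in the comments are an assumed reading of the filters the post describes.

```python
import socket
import struct

def mac(s):
    return bytes.fromhex(s.replace(":", ""))

def eth(dst, src, ethertype, payload):
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload

def arp(op, smac, sip, tip, tmac="00:00:00:00:00:00"):
    # Ethernet/IPv4 ARP body: htype, ptype, hlen, plen, opcode, then addresses
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + mac(smac)
            + socket.inet_aton(sip) + mac(tmac) + socket.inet_aton(tip))

def icmp(src, dst, icmp_type):
    # 20-byte IPv4 header (protocol 1) + 8-byte ICMP header; checksums left at 0
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1)

# Constructed frames: the MACs and the 10.0.3.5 / 10.0.4.1 peers are made up
H1, H2, H3 = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
BCAST = "ff:ff:ff:ff:ff:ff"
FRAMES = [
    eth(BCAST, H1, 0x0806, arp(1, H1, "10.0.3.5", "10.0.3.100")),
    eth(BCAST, H1, 0x0806, arp(1, H1, "10.0.3.5", "10.0.3.100")),
    eth(BCAST, H1, 0x0806, arp(1, H1, "10.0.3.5", "10.0.3.101")),
    eth(H1, H2, 0x0806, arp(2, H2, "10.0.3.100", "10.0.3.5", H1)),  # reply
    eth(H3, H1, 0x0800, icmp("10.0.4.1", "10.0.4.20", 8)),  # echo request
    eth(H1, H3, 0x0800, icmp("10.0.4.20", "10.0.4.1", 0)),  # echo reply
]

def arp_requests_for(frames, ip):
    # Same test as: arp.opcode == 1 && arp.dst.proto_ipv4 == <ip>
    tpa = socket.inet_aton(ip)
    return sum(f[12:14] == b"\x08\x06" and f[20:22] == b"\x00\x01"
               and f[38:42] == tpa for f in frames)

def ping_requests(frames):
    # Same test as: icmp.type == 8 (type byte sits right after the IP header)
    return sum(f[12:14] == b"\x08\x00" and f[23] == 1
               and f[14 + (f[14] & 0x0F) * 4] == 8 for f in frames)

def mac_for_ip(frames, ip):
    # Same idea as: ip.dst == <ip>, then read the Ethernet destination
    want = socket.inet_aton(ip)
    for f in frames:
        if f[12:14] == b"\x08\x00" and f[30:34] == want:
            return f[0:6].hex(":")
    return None
```

The Ethernet address seen beside an IP belongs to that host only when the capture point shares a layer 2 segment with it; across a router it is the next hop's MAC.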