We covered a complete introduction to Wireshark, the packet analysis tool. We went over the main sections, capturing traffic, packet dissection and analysis, packet details and navigation, and extracting protocol statistics from the captured traffic. This was part of TryHackMe Wireshark The Basics and TryHackMe Packet Operations, which are part of TryHackMe SOC Level 1.

Room Answers

Use the “Exercise.pcapng” file to answer the questions.
 
Read the “capture file comments”. What is the flag?

What is the total number of packets?

What is the SHA256 hash value of the capture file?

View packet number 38. Which markup language is used under the HTTP protocol?

What is the arrival date of the packet? (Answer format: Month/Day/Year)

What is the TTL value?

What is the TCP payload size?

What is the e-tag value?

Use the “Exercise.pcapng” file to answer the questions.

Search the “r4w” string in packet details. What is the name of artist 1?

Go to packet 12 and read the comments. What is the answer?

There is a “.txt” file inside the capture file. Find the file and read it; what is the alien’s name?

Look at the expert info section. What is the number of warnings?

Go to packet number 4. Right-click on the “Hypertext Transfer Protocol” and apply it as a filter. Now, look at the filter pane. What is the filter query?

What is the number of displayed packets?

Go to packet number 33790 and follow the stream. What is the total number of artists?

What is the name of the second artist?

Investigate the resolved addresses. What is the IP address of the hostname that starts with “bbc”?

What is the number of IPv4 conversations?

How many bytes (k) were transferred from the “Micro-St” MAC address?

What is the number of IP addresses linked with “Kansas City”?

Which IP address is linked with “Blicnet” AS Organisation?

What is the most used IPv4 destination address?

What is the max service request-response time of the DNS packets?

What is the number of HTTP Requests accomplished by “rad[.]msn[.]com”?

What is the number of IP packets?

What is the number of packets with a “TTL value less than 10”?

What is the number of packets that use “TCP port 4444”?

What is the number of “HTTP GET” requests sent to port “80”?

What is the number of “type A DNS Queries”?

Find all Microsoft IIS servers. What is the number of packets that did not originate from “port 80”?

Find all Microsoft IIS servers. What is the number of packets that have “version 7.5”?

What is the total number of packets that use ports 3333, 4444 or 9999?

What is the number of packets with “even TTL numbers”?

Change the profile to “Checksum Control”. What is the number of “Bad TCP Checksum” packets?

Use the existing filtering button to filter the traffic. What is the number of displayed packets?

About the Author

Cybersecurity Trainer. MS in Cybersecurity. Expertise in Healthcare and Finance Industries. Penetration tester and compliance auditor.