We covered basic packet analysis with Wireshark. We used filters to go through packets. This was part of TryHackMe Advent of Cyber 3 Day 9.

Packet analysis is a technique used to capture and intercept network traffic that passes the computer’s network interfaces. The tools that do this go by different names, such as packet sniffer, packet analyzer, protocol analyzer, or network analyzer. For a cybersecurity practitioner, packet analysis is an important skill for network troubleshooting and communication protocol analysis. Network analysis tools such as Wireshark capture network packets in real time and display them in a human-readable format. Wireshark provides many advanced features, including live capture and offline analysis. This task covers the packet analysis steps in detail, using Wireshark to analyze various unencrypted protocols such as HTTP, DNS, and FTP.

Required Skills and Knowledge

We assume that the user has the basic background needed to complete this task: theoretical and practical knowledge of basic networking concepts, the TCP/IP stack, the OSI model, and the TCP handshake. This applies not only to packet analysis but also to most other topics we will deal with in cybersecurity.

Packet Analysis Tools

There are many tools that are used in network traffic analysis and network sniffing. Each of these tools provides a different way to capture or dissect traffic. Some offer ways to copy and capture, while others read and ingest using different interfaces. In this room, we will explore Wireshark. Keep in mind that these tools require administrator privileges.
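
To show what a dissector does with unencrypted protocols, here is an added Python example (not from the original write-up or the TryHackMe room) that walks the Ethernet, IPv4 and TCP headers of a few frames and reports the readable FTP login commands and HTTP request lines. All frames, addresses, ports and credentials are constructed sample data, and the function names are hypothetical; DNS, which runs over UDP, is left out.

```python
import struct

def build_frame(dst_port, payload, src_port=50000):
    """Constructed Ethernet/IPv4/TCP frame (sample data; checksums left at zero)."""
    eth = bytes(12) + struct.pack("!H", 0x0800)             # MACs zeroed, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9]))
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 1, 0x50, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload

def dissect(frame):
    """Walk Ethernet -> IPv4 -> TCP; return (dst_port, payload) or None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                                          # too short or not IPv4
    ihl = (frame[14] & 0x0F) * 4                             # IP header length in bytes
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 6:
        return None                                          # malformed or not TCP
    total_len = struct.unpack("!H", frame[16:18])[0]
    tcp = frame[14 + ihl:14 + total_len]                     # drops Ethernet padding
    if len(tcp) < 20:
        return None
    data_off = (tcp[12] >> 4) * 4                            # TCP header length in bytes
    if not 20 <= data_off <= len(tcp):
        return None
    return struct.unpack("!H", tcp[2:4])[0], tcp[data_off:]

def cleartext_findings(frames):
    """Report the first line of FTP logins (port 21) and HTTP requests (port 80)."""
    findings = []
    for frame in frames:
        seg = dissect(frame)
        if seg is None or not seg[1]:
            continue
        dst_port, payload = seg
        line = payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
        verb = line.split(" ", 1)[0].upper()
        if dst_port == 21 and verb in ("USER", "PASS"):
            findings.append(("ftp", line))
        elif dst_port == 80 and verb in ("GET", "POST"):
            findings.append(("http", line))
    return findings

SAMPLE = [  # constructed traffic, not taken from the room's capture
    build_frame(21, b"USER demo_user\r\n"),
    build_frame(21, b"PASS demo_pass\r\n"),
    build_frame(80, b"GET /example HTTP/1.1\r\nHost: 10.0.0.9\r\n\r\n"),
    build_frame(443, b"\x16\x03\x01\x00\x05hello"),          # TLS-looking bytes: nothing readable
]

if __name__ == "__main__":
    for proto, line in cleartext_findings(SAMPLE):
        print(proto, line)
```

In Wireshark, display filters such as `ftp.request.command == "USER"` or `http.request.method == "GET"` select the same kind of packets.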

Challenge Answers

In the HTTP #1 – GET requests section, which directory is found on the web server?

login

What is the username and password used in the login page in the HTTP #2 – POST section?

What is the User-Agent’s name that has been sent in HTTP #2 – POST section?

In the DNS section, there is a TXT DNS query. What is the flag in the message of that DNS query?

THM{dd63a80bf9fdd21aabbf70af7438c257}

In the FTP section, what is the FTP login password?

In the FTP section, what is the FTP command used to upload the secret.txt file?

In the FTP section, what is the content of the secret.txt file?
