Wireshark 101 - TryHackMe Write-up

Info

  • Name: Wireshark 101
  • Description: Learn the basics of Wireshark and how to analyze various protocols and PCAPs
  • Difficulty: Easy
  • Room link: https://tryhackme.com/room/wireshark

Write-up

Task 7

Q: What is the Opcode for Packet 6?

A: request (1)

Q: What is the source MAC Address of Packet 19?

A: 80:fb:06:f0:45:d7

Q: What 4 packets are Reply packets?

A: 76,400,459,520

Q: What IP Address is at 80:fb:06:f0:45:d7?

A: 10.251.23.1

Task 8

Q: What is the type for packet 4?

A: 8

Q: What is the type for packet 5?

A: 0

Q: What is the timestamp for packet 12, only including month, day and year? Note: Wireshark bases its time off of your device's time zone; if your answer is wrong, try one day more or less.

A: May 30, 2013

Q: What is the full data string for packet 18?

A: 08090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637

Task 10

Q: What is being queried in packet 1?

A: 8.8.8.8.in-addr.arpa

Q: What site is being queried in packet 26?

A: www.wireshark.org

Q: What is the Transaction ID for packet 26?

A: 0x2c58

Task 11

Q: What percent of packets originate from Domain Name System?

A: 4.7

Q: What endpoint ends in .237?

A: 145.254.160.237

Q: What is the user-agent listed in packet 4?

A: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113

Q: Looking at the data stream what is the full request URI from packet 18?

A: http://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-2309191948673629&random=1084443430285&lmt=1082467020&format=468x60_as&output=html&url=http%3A%2F%2Fwww.ethereal.com%2Fdownload.html&color_bg=FFFFFF&color_text=333333&color_link=000000&color_url=666633&color_border=666633

Q: What domain name was requested from packet 38?

A: www.ethereal.com

Q: Looking at the data stream what is the full request URI from packet 38?

A: http://www.ethereal.com/download.html

Task 12

Q: Looking at the data stream what is the full request URI for packet 31?

A: https://localhost/icons/apache_pb.png

Q: Looking at the data stream what is the full request URI for packet 50?

A: https://localhost/icons/back.gif

Q: What is the User-Agent listed in packet 50?

A: Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2
