Networking: Wireshark: The Basics (TryHackMe)

J3bitok

In this article, I write up the Wireshark: The Basics room, which covers Tool Overview, Packet Dissection, Packet Navigation, and Packet Filtering.

  1. Which file is used to simulate the screenshots? http1.pcapng

  2. Which file is used to answer the questions? Exercise.pcapng

    Use the "Exercise.pcapng" file to answer the questions.

  3. Read the "capture file comments". What is the flag? TryHackMe_Wireshark_Demo

    Once you've opened the Exercise.pcapng file, check Statistics > Capture File Properties (it will also answer the next questions).

  4. What is the total number of packets? 58620

  5. What is the SHA256 hash value of the capture file? f446de335565fb0b0ee5e5a3266703c778b2f3dfad7efeaeccb2da5641a6d6eb
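The values Statistics > Capture File Properties shows for questions 3 to 5 (capture file comments, packet count, SHA256) can be recomputed directly from the pcapng bytes. The sketch below is an added example, not part of the original write-up; it runs on a small constructed capture, and `capture_properties` and `sample_capture` are names chosen here.

```python
import hashlib
import struct

SHB = 0x0A0D0D0A             # Section Header Block
PACKET_BLOCKS = {2, 3, 6}    # obsolete Packet, Simple Packet, Enhanced Packet
OPT_END, OPT_COMMENT = 0, 1

def _options(buf, endian):
    """Yield (code, value) pairs from a pcapng options area."""
    off = 0
    while off + 4 <= len(buf):
        code, length = struct.unpack_from(endian + "HH", buf, off)
        if code == OPT_END:
            return
        yield code, buf[off + 4:off + 4 + length]
        off += 4 + ((length + 3) & ~3)   # option values are padded to 32 bits

def capture_properties(data):
    """Packet count, capture file comments and SHA256 of pcapng bytes."""
    props = {"packets": 0, "comments": [], "sha256": hashlib.sha256(data).hexdigest()}
    off, endian = 0, "<"
    while off + 12 <= len(data):
        if data[off:off + 4] == b"\x0a\x0d\x0d\x0a":   # new section: re-read byte order
            endian = "<" if data[off + 8:off + 12] == b"\x4d\x3c\x2b\x1a" else ">"
        btype, blen = struct.unpack_from(endian + "II", data, off)
        if blen < 12 or blen % 4 or off + blen > len(data):
            raise ValueError(f"corrupt block at offset {off}")
        body = data[off + 8:off + blen - 4]
        if btype == SHB:
            for code, value in _options(body[16:], endian):  # skip magic, version, length
                if code == OPT_COMMENT:
                    props["comments"].append(value.decode("utf-8", "replace"))
        elif btype in PACKET_BLOCKS:
            props["packets"] += 1
        off += blen
    return props

def _block(btype, body):   # builds one little-endian block for the constructed sample
    body += b"\x00" * (-len(body) % 4)
    total = 12 + len(body)
    return struct.pack("<II", btype, total) + body + struct.pack("<I", total)

def sample_capture():
    """Constructed three-packet capture with a made-up file comment."""
    note = b"constructed demo comment"
    opts = struct.pack("<HH", OPT_COMMENT, len(note)) + note + b"\x00" * (-len(note) % 4)
    shb = struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1) + opts + struct.pack("<HH", 0, 0)
    idb = struct.pack("<HHI", 1, 0, 65535)               # Ethernet, snaplen 65535
    epb = struct.pack("<IIIII", 0, 0, 0, 4, 4) + b"\xde\xad\xbe\xef"
    return _block(SHB, shb) + _block(1, idb) + _block(6, epb) * 3
```

To check the real file, pass `open("Exercise.pcapng", "rb").read()` to `capture_properties` and compare the result with the dialog.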

Use the "Exercise.pcapng" file to answer the questions.

  1. View packet number 38. Which markup language is used under the HTTP protocol? eXtensible Markup Language

  2. What is the arrival date of the packet? (Answer format: Month/Day/Year) 05/13/2004

  3. What is the TTL value? 47

  4. What is the TCP payload size? 424

  5. What is the e-tag value? 9a01a-4696-7e354b00

Use the "Exercise.pcapng" file to answer the questions.

  1. Search the "r4w" string in packet details. What is the name of artist 1? r4w8173

    Go to packet number 39765 as shown above. Once you have it, highlight it and pick File > Export Packet Bytes; the file will be saved into the Desktop folder. Once it's saved, get its hash with the md5sum command.

  1. Go to packet 12 and read the comments. What is the answer? 911cd574a42865a956ccde2d04495ebf

  2. There is a ".txt" file inside the capture file. Find the file and read it; what is the alien's name? PACKETMASTER
    Search for the packet with the .txt file as in the image above; packet 4267 will come up. Then right-click the JPEG File Interchange Format, select Export Objects, and select HTTP. When you check the Desktop folder in the terminal it will contain a lot of files, but the target is read with cat nano.txt.

  3. Look at the expert info section. What is the number of warnings? 1636
    Go to the Analyze menu and select Expert Information; the dialog opens and shows the number of Warnings.

    Use the "Exercise.pcapng" file to answer the questions.

  4. Go to packet number 4. Right-click on the "Hypertext Transfer Protocol" and apply it as a filter. Now, look at the filter pane. What is the filter query? http

  5. What is the number of displayed packets? 1089

  6. Go to packet number 33790 and follow the stream. What is the total number of artists? 3

    Go to packet number 33790 and double-click it. In the pane that opens at the bottom, highlight the Hypertext Transfer Protocol, then open the Analyze menu at the top, select Follow, and select HTTP Stream. This opens the window attached to question 18; looking through it, we have artist=1 to artist=3 with their respective names.

  7. What is the name of the second artist? Blad3

Thank you for reading my article. Please leave any questions or comments on improving my learning journey and the THM challenges. We can also connect more on LinkedIn or X.
