Wireshark Practices


Huseyin EKSI

All pcaps can be downloaded as a zip from here


Lab-1
Open lab1.pcap from the link and answer the following questions…

1. What is the currencyCode value in the provided pcap file? (Hint: http)

2. What is the HTTP response code after applying the http filter?

3. What is the domain name queried with the port number 51320 in the pcap file?

4. What are the two host names when you filter llmnr packets in the pcap file?

5. How many unique domains are requested?

6. Is there IPv6 traffic? (Yes/No)

7. What is the largest MTU in the pcap file?


Lab-2
Open lab2.pcap from the link and answer the following questions…

1. What is the DESKTOP-? name in the provided pcap file?

2. What is the suspicious domain name queried in the pcap file?

3. What is the IP address of that domain name in response in the pcap file?

4. Filter the IP for further investigation. What is the name of the server that responded?

5. What is the reputation of that IP address? (Good/Bad)

6. What is the local IP you find in the pcap that belongs to the DESKTOP-..?

7. What is the MAC address of that machine?


Lab-3
Open lab3.pcap from the link and answer the following questions…

1. What is the local IP of the victim in the provided pcap file?

2. What are the suspicious domain name queries in the provided pcap file?

3. What is the downloaded hta file name in the pcap file?

4. Decode the PowerShell code and find a URL.

7. Can you find a probable PC name in the pcap?
